diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.statd b/profiles/apparmor/profiles/extras/sbin.rpc.statd
index dcef0872b..58300d1d4 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.statd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.statd
@@ -14,6 +14,7 @@ include <tunables/global>
 
 profile rpc.statd /{usr/,}sbin/rpc.statd {
   include <abstractions/base>
+  include <abstractions/hosts_access>
   include <abstractions/nameservice>
 
   # needed to sanely drop privileges
@@ -32,6 +33,9 @@ profile rpc.statd /{usr/,}sbin/rpc.statd {
   @{PROC}/sys/fs/nfs/nsm_local_state w,
 
   /etc/netconfig                   r,
+  /etc/nfs.conf                    rk,
+  /etc/nfs.conf.d/                 r,
+  /etc/nfs.conf.d/*                rk,
   /etc/rpc                         r,
   /{usr/,}sbin/rpc.statd           mrix,
   /{usr/,}sbin/sm-notify           mrix,
@@ -46,7 +50,7 @@ profile rpc.statd /{usr/,}sbin/rpc.statd {
   /var/lib/nfs/statd/sm.bak/*      rwl,
   /var/lib/nfs/state               rwk,
   /var/lib/nfs/state.new           rwl,
-  /{,var/}run/rpc.statd.pid        w,
-  /{,var/}run/rpcbind.sock         rw,
-  /{,var/}run/sm-notify.pid        w,
+  @{run}/rpc.statd.pid             w,
+  @{run}/rpcbind.sock              rw,
+  @{run}/sm-notify.pid             w,
 }