diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
index 9b9cfe4e80..49c950e8e1 100644
--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -14,6 +14,9 @@ profile /usr/bin/docker (attach_disconnected, complain) {
 mount -> /proc/**,
 mount -> /sys/**,
 mount -> /run/docker/netns/**,
+ mount -> /.pivot_root[0-9]*/,
+
+ / r,
 umount,
 pivot_root,
@@ -29,6 +32,7 @@ profile /usr/bin/docker (attach_disconnected, complain) {
 @{DOCKER_GRAPH_PATH}/** rwl,
 @{DOCKER_GRAPH_PATH}/linkgraph.db k,
 @{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
+ @{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
 # For non-root client use:
 /dev/urandom r,
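Review bot: In the first hunk, the glob in `mount -> /.pivot_root[0-9]*/,` is wider than it reads. AppArmor patterns are globs, not regexes, so `[0-9]` matches exactly one digit and `*` then matches any run of non-`/` characters. A directory such as `/.pivot_root1foo/` is therefore an allowed mount point as well. The rule also has no `fstype=` or `options=` qualifier, like its neighbours, so any kind of mount onto a matching path is permitted; that is worth narrowing before the profile leaves `complain` mode (visible in the hunk header). Both new rules would benefit from a one-line rationale in the template, for example `# temporary pivot_root directory at the container root (numeric suffix)` above the mount rule and `# read access to the root directory entry itself, not its contents` above `/ r,`.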