diff --git a/internal/server/apparmor/instance_qemu.go b/internal/server/apparmor/instance_qemu.go
index 6a1fd20831f..dbbd2f527ce 100644
--- a/internal/server/apparmor/instance_qemu.go
+++ b/internal/server/apparmor/instance_qemu.go
@@ -30,7 +30,9 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
 /etc/ceph/** r,
 /etc/machine-id r,
 /run/udev/data/* r,
- /proc/sys/vm/max_map_count r,
+ ${PROC}/sys/vm/max_map_count r,
+ ${PROC}/@{pid}/cpuset r,
+ ${PROC}/@{pid}/task/*/comm rw,
 /sys/bus/ r,
 /sys/bus/nd/devices/ r,
 /sys/bus/usb/devices/ r,
@@ -44,8 +46,6 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
 {{- end }}
 /usr/share/qemu/** kr,
 /usr/share/seabios/** kr,
- owner @{PROC}/@{pid}/cpuset r,
- owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 /etc/nsswitch.conf r,
 /etc/passwd r,
 /etc/group r,
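Review bot: The three added rules in the first hunk spell the proc variable as `${PROC}`, whereas the two rules removed in the second hunk used `@{PROC}`, the AppArmor form for path variables; as far as I know `${...}` is the boolean-variable syntax, so these rules may be rejected by the parser or fail to match /proc, and the rendered profile should be load-tested with `apparmor_parser`. I would write them as `@{PROC}/sys/vm/max_map_count r,`, `@{PROC}/@{pid}/cpuset r,` and `@{PROC}/@{pid}/task/*/comm rw,`. The move also drops the `owner` qualifier and widens `@{tid}` to `*`. Assuming the stock tunables definition, `@{pid}` matches any numeric pid rather than the confined process itself, so the `comm` rule would now permit writes to task names of processes owned by other users, leaving only DAC to stop them. If dropping `owner` is deliberate, a template comment stating the reason would help the next reviewer; otherwise keep `owner` on both rules.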