diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index c110f6a27..0218cdac7 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2566,8 +2566,10 @@ void lxc_conf_free(struct lxc_conf *conf)
 	if (conf->rootfs.mount != LXCROOTFSMOUNT)
 		free(conf->rootfs.mount);
 	lxc_clear_config_network(conf);
+#if HAVE_APPARMOR
 	if (conf->aa_profile)
 		free(conf->aa_profile);
+#endif
 	lxc_clear_config_caps(conf);
 	lxc_clear_cgroups(conf, "lxc.cgroup");
 	lxc_clear_hooks(conf);
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 11d863b34..abe4cfa2a 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1523,8 +1523,10 @@ int lxc_get_config_item(struct lxc_conf *c, char *key, char *retv, int inlen)
 		v = c->ttydir;
 	else if (strcmp(key, "lxc.arch") == 0)
 		return lxc_get_arch_entry(c, retv, inlen);
+#if HAVE_APPARMOR
 	else if (strcmp(key, "lxc.aa_profile") == 0)
 		v = c->aa_profile;
+#endif
 	else if (strcmp(key, "lxc.cgroup") == 0) // all cgroup info
 		return lxc_get_cgroup_entry(c, retv, inlen, "all");
 	else if (strncmp(key, "lxc.cgroup.", 11) == 0) // specific cgroup info
@@ -1598,8 +1600,10 @@ void write_config(FILE *fout, struct lxc_conf *c)
 	case PER_LINUX: fprintf(fout, "lxc.arch = x86_64\n"); break;
 	default: break;
 	}
+#if HAVE_APPARMOR
 	if (c->aa_profile)
 		fprintf(fout, "lxc.aa_profile = %s\n", c->aa_profile);
+#endif
 	lxc_list_for_each(it, &c->cgroup) {
 		struct lxc_cgroup *cg = it->elem;
 		fprintf(fout, "lxc.cgroup.%s = %s\n", cg->subsystem, cg->value);