diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
index 9998f1121..9f64c2727 100644
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -22,6 +22,7 @@
 mount -> /var/lib/lxc/{**,},
 mount /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id,
+ mount options=(ro, nosuid, nodev, noexec, remount, bind) -> /proc/sys/kernel/random/boot_id,
 # required for some pre-mount hooks
 mount fstype=overlayfs,
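Review bot: The added remount rule carries no comment saying why it is needed, unlike the overlayfs rule below it (`# required for some pre-mount hooks`); a line such as `# remount the boot_id bind mount read-only` above it would tell a later auditor that it pairs with the bind mount on the previous line. As I read apparmor.d(5), `options=(...)` matches only this exact flag set, whereas `options in (...)` would accept any subset, so the grant is narrow but a change to the flags lxc passes for this remount would be denied; the comment could say the exact match is deliberate. The bind rule on the previous line has no `options` condition at all, so it may be worth checking whether it can be limited in the same way. The profile continues outside the hunk, so whether another rule already covers this remount cannot be confirmed from here.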