diff --git a/apparmor.d/profiles-a-f/dfc b/apparmor.d/profiles-a-f/dfc
index d8a546898..95e54e090 100644
--- a/apparmor.d/profiles-a-f/dfc
+++ b/apparmor.d/profiles-a-f/dfc
@@ -11,6 +11,10 @@ profile dfc @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
 
+       capability dac_read_search,
+  # No visible effect
+  deny capability dac_override,
+
   @{exec_path} mr,
 
   owner @{PROC}/@{pid}/mounts r,