diff --git a/apparmor.d/abstractions/bwrap b/apparmor.d/abstractions/bwrap
index 87fb68e4e..bd42310d5 100644
--- a/apparmor.d/abstractions/bwrap
+++ b/apparmor.d/abstractions/bwrap
@@ -14,13 +14,16 @@
 network netlink raw,
 mount fstype=devpts options=(rw nosuid noexec) devpts -> /newroot/dev/pts/,
- mount fstype=proc options=(rw nosuid nodev noexec) proc -> /newroot/@{PROC}/,
- mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /newroot/dev/,
- mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /newroot/tmp/,
- mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /tmp/,
+ mount fstype=proc options=(rw nosuid nodev noexec) proc -> /newroot/@{PROC}/,
+ mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /newroot/dev/,
+ mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /newroot/tmp/,
+ mount fstype=tmpfs options=(rw nosuid nodev) tmpfs -> /tmp/,
 mount options=(ro nosuid nodev noexec remount bind silent relatime) -> /newroot/**/,
+ mount options=(ro nosuid nodev noexec remount bind silent) -> /newroot/@{run}/,
+ mount options=(ro nosuid nodev noexec remount noatime bind silent) -> /newroot/**/,
 mount options=(ro nosuid nodev remount bind silent relatime) -> /newroot/**/,
- mount options=(rw nosuid nodev remount bind silent relatime) -> /newroot/**/,
+ mount options=(ro nosuid nodev remount bind silent) -> /newroot/dev/{,**/},
+ mount options=(ro nosuid nodev remount noatime bind silent) -> /newroot/,
 mount options=(rw rbind) /tmp/newroot/ -> /tmp/newroot/,
 mount options=(rw rbind) /oldroot/dev/* -> /newroot/dev/*,
 mount options=(rw rbind) /oldroot/{,**/} -> /newroot/{,**/},