diff --git a/apparmor.d/groups/virt/cni-calico b/apparmor.d/groups/virt/cni-calico
index cf653b4d9..7e5b0b73e 100644
--- a/apparmor.d/groups/virt/cni-calico
+++ b/apparmor.d/groups/virt/cni-calico
@@ -34,7 +34,9 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
 @{run}/calico/ipam.lock rwk,
 @{run}/netns/cni-@{uuid} r,
- /proc/sys/net/ipv4/ip_forward rw,
+ @{PROC}/sys/net/ipv4/ip_forward rw,
+ @{PROC}/sys/net/ipv4/{conf,neigh}/cali[0-9a-z]*/* rw,
+ @{PROC}/sys/net/ipv6/{conf,neigh}/cali[0-9a-z]*/* rw,
 @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index 83101f904..89196c105 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -62,7 +62,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 /var/lib/cni/{,**/} w,
 /var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
 /var/lib/cni/results/cni-loopback-[0-9a-f]*-lo wl,
- /var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0
+ /var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0,
 /var/lib/containerd/{,**} rwk,
 /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
 /var/lib/docker/containerd/{,**} rwk,
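Review bot: The two new per-interface sysctl rules match the interface name with `cali[0-9a-z]*`, which is wider than the `[0-9a-f]*` pattern this same commit uses for the CNI result files in the containerd profile; if Calico's `cali*` veth names are hex-derived (they appear to be, but I cannot confirm it from the hunk), `cali[0-9a-f]*` keeps the rule to what the plugin actually creates. The trailing `/*` also grants `rw` on every sysctl under `conf/` and `neigh/` for those interfaces rather than the specific knobs the plugin writes; that is probably acceptable given the per-interface scope, but a short comment above the pair such as `# per-veth sysctls written by calico-cni at pod setup` would record why a whole directory is opened. The `/proc` to `@{PROC}` change on `ip_forward` is consistent with the other tunable-based paths in the profile. The profile body continues outside the hunk.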
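Review bot: The corrected line `/var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0,` still has no access mode, so adding the terminating comma alone will most likely not make the profile parse: an AppArmor file rule expects a permission set after the path, and both sibling `cni-loopback-*` lines directly above use `wl`. Unless a mode-less rule is intended here, it should read `/var/lib/cni/results/k8s-pod-network-[0-9a-f]*-eth0 wl,` so containerd can create and link the per-pod result file the same way it does for the loopback entries. The containerd profile body continues outside the hunk.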