diff --git a/etc/apparmor.d/usr.lib.security-misc.permission-lockdown b/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
new file mode 100644
index 0000000..018090e
--- /dev/null
+++ b/etc/apparmor.d/usr.lib.security-misc.permission-lockdown
@@ -0,0 +1,35 @@
+#include
+
+/usr/lib/security-misc/permission-lockdown flags=(attach_disconnected) {
+ #include
+
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability fsetid,
+
+ /bin/bash ix,
+ /bin/chmod mrix,
+ /bin/echo mrix,
+ /bin/mkdir mrix,
+ /bin/touch mrix,
+ /usr/bin/basename mrix,
+ /usr/bin/touch mrix,
+ /usr/lib/security-misc/permission-lockdown r,
+
+ /home/*/ w,
+
+ /{usr/,}lib{,32,64}/** mr,
+
+ /etc/ld.so.cache r,
+ owner /etc/locale.alias r,
+ owner /etc/nsswitch.conf r,
+ owner /etc/passwd r,
+
+ owner /var/cache/security-misc/state-files/ rw,
+ owner /var/cache/security-misc/state-files/* rw,
+
+ /dev/tty rw,
+
+ #include
+}
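Review bot: The state-file rules grant `rw` only on `/var/cache/security-misc/state-files/` and its entries, so if the script creates that path with `mkdir -p` while `/var/cache/security-misc/` does not yet exist, the intermediate mkdir is denied by this profile (the `/bin/mkdir mrix` rule suggests the script does create directories); if that is the case, add `owner /var/cache/security-misc/ w,` above the two existing state-files rules. The four `capability` lines carry no comment on why each is needed, and `dac_override`/`fowner`/`fsetid` together are a broad grant for a confined helper; a note such as `# dac_override/fowner/fsetid: chmod on home directories owned by other users -- confirm against the script` would let a later reviewer verify and tighten them. The `#include` lines as rendered carry no target, which looks like the angle-bracketed names were stripped on extraction; the committed file presumably has `tunables/global`, `abstractions/base` and a `local/` include, and that should be checked before merge.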