From 70f2b531f4893bf6a230dbcb446f1c5f2f863230 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Griepenburg?= Date: Tue, 9 Sep 2025 18:56:35 +0200 Subject: [PATCH] docs(apparmor): add warning about profile persistence across reboots, as `/etc/apparmor.d/containers` will not be loaded, leading to the example `nginx` container not being able to start. --- content/manuals/engine/security/apparmor.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/content/manuals/engine/security/apparmor.md b/content/manuals/engine/security/apparmor.md index 8b6b1e0433dd..5c0910eddf7a 100644 --- a/content/manuals/engine/security/apparmor.md +++ b/content/manuals/engine/security/apparmor.md @@ -197,6 +197,13 @@ profile docker-nginx flags=(attach_disconnected,mediate_deleted) { You just deployed a container secured with a custom apparmor profile. +> [!WARNING] +> +> The activation of the custom AppArmor profile in `/etc/apparmor.d/containers/docker-nginx` will not persist across restarts. +> After a reboot the container will fail to start, as it expects the `docker-nginx` profile to be loaded. +> +> Only profiles directly located in `/etc/appamor.d/` will be automatically applied in enforce mode. +> For more information about the AppArmor directory structure, have a look at [Policy Layout](https://gitlab.com/apparmor/apparmor/-/wikis/Policy_Layout). ## Debug AppArmor
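Review bot: The path in the added line "> Only profiles directly located in `/etc/appamor.d/` will be automatically applied in enforce mode." is misspelled. It should read `/etc/apparmor.d/`, matching the `/etc/apparmor.d/containers/docker-nginx` path given earlier in the same warning. The warning also stops at the failure without telling the reader how to recover. Consider adding a sentence that says either to reload the profile after each reboot or to place it directly in `/etc/apparmor.d/`, since the text itself states that only profiles located there are applied automatically. Finally, "will not persist across restarts" is ambiguous between container, daemon and host restarts. The following line says "After a reboot", so "across reboots" would be consistent with it and with the commit subject.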