diff --git a/interfaces/builtin/docker_support.go b/interfaces/builtin/docker_support.go
index 4c851257909..3db18227b30 100644
--- a/interfaces/builtin/docker_support.go
+++ b/interfaces/builtin/docker_support.go
@@ -139,6 +139,10 @@ ptrace (read, trace) peer=docker-default,
 
 #cf bug 1502785
 / r,
+
+# needed by runc for mitigation of CVE-2019-5736
+# For details see https://bugs.launchpad.net/apparmor/+bug/1820344
+/ ix,
 `
 
 const dockerSupportConnectedPlugSecComp = `