diff --git a/services/clsi/app/js/DockerRunner.js b/services/clsi/app/js/DockerRunner.js
index 5de0586818..28d7636f0a 100644
--- a/services/clsi/app/js/DockerRunner.js
+++ b/services/clsi/app/js/DockerRunner.js
@@ -270,6 +270,12 @@ const DockerRunner = {
 )
 }
 
+ if (Settings.clsi.docker.apparmor_profile != null) {
+ options.HostConfig.SecurityOpt.push(
+ `apparmor=${Settings.clsi.docker.apparmor_profile}`
+ )
+ }
+
 if (Settings.clsi.docker.runtime) {
 options.HostConfig.Runtime = Settings.clsi.docker.runtime
 }
diff --git a/services/clsi/config/settings.defaults.js b/services/clsi/config/settings.defaults.js
index 352c045d27..e36334df1b 100644
--- a/services/clsi/config/settings.defaults.js
+++ b/services/clsi/config/settings.defaults.js
@@ -143,6 +143,15 @@ if (process.env.DOCKER_RUNNER) {
 process.exit(1)
 }
 
+ if (process.env.APPARMOR_PROFILE) {
+ try {
+ module.exports.clsi.docker.apparmor_profile = process.env.APPARMOR_PROFILE
+ } catch (error) {
+ console.error(error, 'could not apply apparmor profile setting')
+ process.exit(1)
+ }
+ }
+
 if (process.env.ALLOWED_IMAGES) {
 try {
 module.exports.clsi.docker.allowedImages =
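Review bot: The `!= null` guard on the added `apparmor_profile` check in DockerRunner.js lets an empty string through, so a settings file that sets the key to `''` would push a bare `apparmor=` entry into `SecurityOpt`; the `runtime` check directly below uses plain truthiness. Suggest `if (Settings.clsi.docker.apparmor_profile) {` so that only a non-empty profile name is forwarded. The push also assumes `options.HostConfig.SecurityOpt` is already an array, which is presumably set up earlier in this function, outside the hunk. A comment such as `// profile must already be loaded on the Docker host; 'unconfined' disables AppArmor for the compile container` would tell operators what the value means.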
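Review bot: The `try`/`catch` around the `apparmor_profile` assignment in settings.defaults.js guards nothing useful: a plain string assignment can only throw if `module.exports.clsi.docker` is missing, and the value itself is never checked. Since this string ends up in the container's security options, I would validate it here instead, for example by logging the chosen profile at startup and exiting when it is `unconfined` unless that is explicitly intended. At minimum add a comment: `// APPARMOR_PROFILE: name of an AppArmor profile already loaded on the Docker host`. The enclosing `if (process.env.DOCKER_RUNNER)` block starts and ends outside the hunk.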