diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common
index d0722eb14..d39159ecf 100644
--- a/profiles/apparmor.d/abstractions/dovecot-common
+++ b/profiles/apparmor.d/abstractions/dovecot-common
@@ -19,6 +19,8 @@
   signal receive peer=dovecot,
 
   owner @{run}/dovecot/config rw,
+  owner @{run}/dovecot/dovecot.conf.binary r,
+  owner /tmp/doveconf.* r,
 
   # Include additions to the abstraction
   include if exists <abstractions/dovecot-common.d>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
index c0ae6a58f..471e0651d 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.config
+++ b/profiles/apparmor.d/usr.lib.dovecot.config
@@ -28,6 +28,8 @@ profile dovecot-config /usr/lib*/dovecot/config {
   /usr/lib*/dovecot/managesieve Px,
   /usr/share/dovecot/** r,
   /var/lib/dovecot/ssl-parameters.dat r,
+  owner @{run}/dovecot/dovecot.conf.binary* rw,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.lib.dovecot.config>
diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
index 246a43b59..5f5aba514 100644
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -78,6 +78,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
   @{run}/dovecot/ rw,
   @{run}/dovecot/** rw,
   link @{run}/dovecot/** -> /var/lib/dovecot/**,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.sbin.dovecot>