diff --git a/packaging/deb/debian/apparmor/bwrap b/packaging/deb/debian/apparmor/bwrap
deleted file mode 100644
index d2743478f..000000000
--- a/packaging/deb/debian/apparmor/bwrap
+++ /dev/null
@@ -1,9 +0,0 @@
-abi <abi/4.0>,
-include <tunables/global>
-
-profile bwrap /usr/bin/bwrap flags=(unconfined) {
-  userns,
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/bwrap>
-}
diff --git a/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu b/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu
new file mode 100644
index 000000000..286131626
--- /dev/null
+++ b/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu
@@ -0,0 +1,68 @@
+# This profile allows almost everything and only exists to allow
+# bwrap to work on a system with user namespace restrictions
+# being enforced.
+# bwrap is allowed access to user namespaces and capabilities
+# within the user namespace, but its children do not have
+# capabilities, blocking bwrap from being able to be used to
+# arbitrarily by-pass the user namespace restrictions.
+#
+# Note: the bwrap child is stacked against the bwrap profile due to
+# bwraps use of no-new-privs
+
+# disabled by default as it can break some use cases on a system that
+# doesn't have or has disable user namespace restrictions for unconfined
+# use aa-enforce to enable it
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) {
+  allow capability,
+  # not allow all, to allow for pix stack
+  # sadly we have to allow  m every where to allow children to work under
+  # stacking.
+  allow file rwlkm /{**,},
+  allow network,
+  allow unix,
+  allow ptrace,
+  allow signal,
+  allow mqueue,
+  allow io_uring,
+  allow userns,
+  allow mount,
+  allow umount,
+  allow pivot_root,
+  allow dbus,
+  allow px /** -> bwrap//&unpriv_bwrap,
+
+  # the local include should not be used without understanding the userns
+  # restriction.
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/bwrap-userns-restrict>
+}
+
+profile unpriv_bwrap flags=(attach_disconnected,mediate_deleted) {
+  # not allow all, to allow for pix stack
+  allow file rwlkm /{**,},
+  allow network,
+  allow unix,
+  allow ptrace,
+  allow signal,
+  allow mqueue,
+  allow io_uring,
+  allow userns,
+  allow mount,
+  allow umount,
+  allow pivot_root,
+  allow dbus,
+
+  allow pix /** -> &unpriv_bwrap,
+
+  audit deny capability,
+
+  # the local include should not be used without understanding the userns
+  # restriction.
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/unpriv_bwrap>
+}
diff --git a/packaging/deb/debian/python3-umu-launcher.install b/packaging/deb/debian/python3-umu-launcher.install
index 86db3b826..70421fb42 100644
--- a/packaging/deb/debian/python3-umu-launcher.install
+++ b/packaging/deb/debian/python3-umu-launcher.install
@@ -2,4 +2,4 @@ usr/bin/umu-run
 usr/share/man/*
 usr/share/steam/compatibilitytools.d/umu-launcher/
 usr/lib/python3/dist-packages/umu*
-debian/apparmor/bwrap etc/apparmor.d/
+debian/apparmor/bwrap-userns-restrict-umu etc/apparmor.d/