diff --git a/mysql/apparmor.sls b/mysql/apparmor.sls
new file mode 100644
index 0000000000000000000000000000000000000000..9ab92ef9d864a8ebf5aead45f3fe8f9f91a410ca
--- /dev/null
+++ b/mysql/apparmor.sls
@@ -0,0 +1,10 @@
+{% from tpldir ~ "/map.jinja" import mysql with context %}
+
+mysqld-apparmor-allow:
+  file.append:
+    - name: {{ mysql.config.apparmor.dir }}/{{ mysql.config.apparmor.file }}
+    - onlyif: test -d {{ mysql.config.apparmor.dir }}
+    - makedirs: True
+    - text:
+      - '{{ mysql.config.sections.mysqld.datadir }}/ r,'
+      - '{{ mysql.config.sections.mysqld.datadir }}/** rwk,'
diff --git a/mysql/server.sls b/mysql/server.sls
index ab144b7c153dce652c9d1a6e56f1ca3e3bf8fe9a..ca7efda4895f28c43da4e8c43ce9d3fc1b53c80c 100644
--- a/mysql/server.sls
+++ b/mysql/server.sls
@@ -1,6 +1,7 @@
 include:
   - .config
   - .python
+  - .apparmor
 
 {% from tpldir ~ "/map.jinja" import mysql with context %}
 
@@ -144,13 +145,6 @@ mysql_initialize:
 {% endif %}
 
 mysqld-service-running:
-  file.append:
-    - name: {{ mysql.config.apparmor.dir }}/{{ mysql.config.apparmor.file }}
-    - onlyif: test -d {{ mysql.config.apparmor.dir }}
-    - makedirs: True
-    - text:
-      - '{{ mysql.config.sections.mysqld.datadir }}/ r,'
-      - '{{ mysql.config.sections.mysqld.datadir }}/** rwk,'
   service.running:
     - name: {{ mysql.service }}
     - enable: True