diff --git a/mysql/apparmor.sls b/mysql/apparmor.sls
new file mode 100644
index 0000000..9ab92ef
--- /dev/null
+++ b/mysql/apparmor.sls
@@ -0,0 +1,10 @@
+{% from tpldir ~ "/map.jinja" import mysql with context %}
+
+mysqld-apparmor-allow:
+  file.append:
+    - name: {{ mysql.config.apparmor.dir }}/{{ mysql.config.apparmor.file }}
+    - onlyif: test -d {{ mysql.config.apparmor.dir }}
+    - makedirs: True
+    - text:
+      - '{{ mysql.config.sections.mysqld.datadir }}/ r,'
+      - '{{ mysql.config.sections.mysqld.datadir }}/** rwk,'
diff --git a/mysql/server.sls b/mysql/server.sls
index ab144b7..ca7efda 100644
--- a/mysql/server.sls
+++ b/mysql/server.sls
@@ -1,6 +1,7 @@
 include:
   - .config
   - .python
+  - .apparmor
 
 {% from tpldir ~ "/map.jinja" import mysql with context %}
 
@@ -144,13 +145,6 @@ mysql_initialize:
 {% endif %}
 
 mysqld-service-running:
-  file.append:
-    - name: {{ mysql.config.apparmor.dir }}/{{ mysql.config.apparmor.file }}
-    - onlyif: test -d {{ mysql.config.apparmor.dir }}
-    - makedirs: True
-    - text:
-      - '{{ mysql.config.sections.mysqld.datadir }}/ r,'
-      - '{{ mysql.config.sections.mysqld.datadir }}/** rwk,'
   service.running:
     - name: {{ mysql.service }}
     - enable: True