diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml
index 669b57946..cc0c7c75b 100644
--- a/elastic-filebeat/templates/daemonset.yaml
+++ b/elastic-filebeat/templates/daemonset.yaml
@@ -81,6 +81,7 @@ spec:
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "filebeat" "containerNames" (list "filebeat" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
 {{ if $envAll.Values.pod.tolerations.filebeat.enabled }}
diff --git a/elastic-filebeat/values_overrides/apparmor.yaml b/elastic-filebeat/values_overrides/apparmor.yaml
new file mode 100644
index 000000000..6f65ccd73
--- /dev/null
+++ b/elastic-filebeat/values_overrides/apparmor.yaml
@@ -0,0 +1,8 @@
+---
+pod:
+  mandatory_access_control:
+    type: apparmor
+    filebeat:
+      filebeat: runtime/default
+      init: runtime/default
+...