diff --git a/src/DEBIAN/control b/src/DEBIAN/control
index 5a0bd1b..5e200f0 100755
--- a/src/DEBIAN/control
+++ b/src/DEBIAN/control
@@ -4,5 +4,5 @@ Section: misc
 Priority: optional
 Depends: bubblewrap,flatpak,zenity,policykit-1,gcc,systemd,procps
 Maintainer: shenmo <shenmo@spark-app.store>
-Architecture: arm64
+Architecture: amd64
 Description: bwrap wrapper for install and running debs inside a bookworm container
diff --git a/src/DEBIAN/postinst b/src/DEBIAN/postinst
index 0e0792e..b79ff81 100755
--- a/src/DEBIAN/postinst
+++ b/src/DEBIAN/postinst
@@ -19,7 +19,6 @@ systemctl enable ace-bookworm-auto-upgrade
 systemctl start ace-bookworm-auto-upgrade
 fi
 
-
-sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+systemctl reload apparmor
 
 true
diff --git a/src/etc/apparmor.d/amber-ce-bookworm b/src/etc/apparmor.d/amber-ce-bookworm
new file mode 100644
index 0000000..5555573
--- /dev/null
+++ b/src/etc/apparmor.d/amber-ce-bookworm
@@ -0,0 +1,7 @@
+abi <abi/4.0>,
+include <tunables/global>
+profile bwrap /usr/bin/bwrap flags=(unconfined) {
+userns,
+#Site-specific additions and overrides. See local/README for details.
+include if exists <local/bwrap>
+}