diff --git a/.changeset/kind-items-clean.md b/.changeset/kind-items-clean.md
new file mode 100644
index 00000000000..17ae44bb99b
--- /dev/null
+++ b/.changeset/kind-items-clean.md
@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+fix: Only update AppArmor profile if not chroot'ed
diff --git a/packages/app-builder-lib/templates/linux/after-install.tpl b/packages/app-builder-lib/templates/linux/after-install.tpl
index 7433249abf7..a3e48256889 100644
--- a/packages/app-builder-lib/templates/linux/after-install.tpl
+++ b/packages/app-builder-lib/templates/linux/after-install.tpl
@@ -42,7 +42,10 @@ if test -d "/etc/apparmor.d"; then
 if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then
 cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET"
- if hash apparmor_parser 2>/dev/null; then
+ # Updating the current AppArmor profile is not possible and probably not meaningful in a chroot'ed environment.
+ # Use cases are for example environments where images for clients are maintained.
+ # There, AppArmor might correctly be installed, but live updating makes no sense.
+ if ! { [ -x '/usr/bin/ischroot' ] && /usr/bin/ischroot; } && hash apparmor_parser 2>/dev/null; then
 # Extra flags taken from dh_apparmor:
 # > By using '-W -T' we ensure that any abstraction updates are also pulled in.
 # https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport
diff --git a/test/snapshots/linux/debTest.js.snap b/test/snapshots/linux/debTest.js.snap
index 71bb7417e37..455bb1c30f8 100644
--- a/test/snapshots/linux/debTest.js.snap
+++ b/test/snapshots/linux/debTest.js.snap
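Review bot: The new guard on the `if` line silently falls through to the pre-existing live reload whenever `/usr/bin/ischroot` is absent (non-Debian targets of this template) or cannot decide — per its man page ischroot exits 2 in that case, which the leading `!` turns into "not chroot'ed" — and none of the three added comment lines says so. I would add a fourth comment line, `# ischroot is Debian-specific: if it is missing or undecided (exit status 2) we fall back to attempting the live reload, as before.`, so the next reader does not assume the reload is skipped in every image-build context. If the undecided case should instead count as chroot'ed, ischroot's `-t`/`--default-true` option (where available) would express that explicitly, but that is a behaviour change the commit message does not ask for. The same lines recur in the test/snapshots/linux/debTest.js.snap hunk, which is the generated snapshot and needs no separate note. The enclosing `if test -d "/etc/apparmor.d"` block starts and ends outside the hunk.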
@@ -568,7 +568,10 @@ if test -d "/etc/apparmor.d"; then
 if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then
 cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET"
- if hash apparmor_parser 2>/dev/null; then
+ # Updating the current AppArmor profile is not possible and probably not meaningful in a chroot'ed environment.
+ # Use cases are for example environments where images for clients are maintained.
+ # There, AppArmor might correctly be installed, but live updating makes no sense.
+ if ! { [ -x '/usr/bin/ischroot' ] && /usr/bin/ischroot; } && hash apparmor_parser 2>/dev/null; then
 # Extra flags taken from dh_apparmor:
 # > By using '-W -T' we ensure that any abstraction updates are also pulled in.
 # https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport