diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 9527adc11c6d18535294a3212c9cc6f8c5b1dae1..ad456546df5bfe2be9a6d3e4fda93bf672b14628 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -325,8 +325,10 @@ static struct aa_profile *__attach_match(const char *name,
 	struct aa_profile *profile, *candidate = NULL;
 
 	list_for_each_entry_rcu(profile, head, base.list) {
-		if (profile->label.flags & FLAG_NULL)
+		if (profile->label.flags & FLAG_NULL &&
+		    &profile->label == ns_unconfined(profile->ns))
 			continue;
+
 		if (profile->xmatch) {
 			if (profile->xmatch_len == len) {
 				conflict = true;