diff --git a/apparmor.changes b/apparmor.changes
index 3054ea1..c22f05b 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 29 15:26:48 UTC 2017 - rgoldwyn@suse.com
+
+- read_inactive_profile-exactly-once.patch (bsc#1069346)
+ Perform reading of inactive profiles exactly once.
+
 -------------------------------------------------------------------
 Wed Oct 25 19:36:55 UTC 2017 - suse-beta@cboltz.de
diff --git a/apparmor.spec b/apparmor.spec
index 7dad860..c16e053 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -84,6 +84,9 @@ Patch16: nameservice-libtirpc.diff
 # Fix sorted() regression in save_profiles() - submitted upstream 2017-10-22
 Patch17: utils-fix-sorted-save_profiles-regression.diff
+# bsc#1069346
+Patch18: read_inactive_profile-exactly-once.patch
+
 PreReq: sed
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@@ -384,6 +387,7 @@ SubDomain.
 %patch15 -p1
 %patch16
 %patch17
+%patch18 -p1
 # search for left-over multiline rules
 test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
diff --git a/read_inactive_profile-exactly-once.patch b/read_inactive_profile-exactly-once.patch
new file mode 100644
index 0000000..c7adfed
--- /dev/null
+++ b/read_inactive_profile-exactly-once.patch
@@ -0,0 +1,34 @@
+commit b307e535fa26bff0abffb6bfd1aeab5d6c7c3622
+Author: Christian Boltz
+Date: Tue Nov 28 21:46:36 2017 +0100
+
+ Let read_inactive_profiles() do nothing when calling it the second time
+
+ autodep() calls read_inactive_profiles() each time it's called (= for
+ each binary). The result is a "Conflicting profile" error (showing the
+ same filename twice) if autodep() runs more than once. This can easily
+ happen when using "aa-autodep /usr/bin/*".
+
+ This patch adds an attribute to read_inactive_profiles() that lets the
+ function return without doing anything if was called before.
+
+---
+ utils/apparmor/aa.py | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/utils/apparmor/aa.py
++++ b/utils/apparmor/aa.py
+@@ -2107,6 +2107,13 @@ def read_profiles():
+ read_profile(profile_dir + '/' + file, True)
+
+ def read_inactive_profiles():
++ if hasattr(read_inactive_profiles, 'already_read'):
++ # each autodep() run calls read_inactive_profiles, but that's a) superfluous and b) triggers a conflict because the inactive profiles are already loaded
++ # therefore don't do anything if the inactive profiles were already loaded
++ return
++
++ read_inactive_profiles.already_read = True
++
+ if not os.path.exists(extra_profile_dir):
+ return None
+ try:
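Review bot: `read_inactive_profiles.already_read = True` is assigned before the `os.path.exists(extra_profile_dir)` check and before the `try:` block, so the guard records that the function was entered, not that the inactive profiles were actually loaded. If the first call returns early or the read fails (the rest of the body lies outside this hunk, so this is inferred), every later call in the same process returns silently and profile generation would carry on without the inactive profiles. Consider setting the flag only once the read has completed, and adding a comment that any code which resets the loaded-profile state must also clear it, e.g. `del read_inactive_profiles.already_read`. The new bare `return` could also be `return None` to match the existing `return None` a few lines below.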