diff --git a/apparmor-dovecot-stats-metrics.diff b/apparmor-dovecot-stats-metrics.diff
new file mode 100644
index 0000000..bf1b457
--- /dev/null
+++ b/apparmor-dovecot-stats-metrics.diff
@@ -0,0 +1,14 @@
+diff -ur apparmor-3.0.1.orig/profiles/apparmor.d/usr.lib.dovecot.stats apparmor-3.0.1/profiles/apparmor.d/usr.lib.dovecot.stats
+--- apparmor-3.0.1.orig/profiles/apparmor.d/usr.lib.dovecot.stats	2020-12-02 12:01:37.000000000 +0100
++++ apparmor-3.0.1/profiles/apparmor.d/usr.lib.dovecot.stats	2021-07-16 01:00:53.266471947 +0200
+@@ -20,6 +20,10 @@
+   capability setuid,
+   capability sys_chroot,
+ 
++  # for metrics end-point (Prometheus)
++  network inet stream,
++  network inet6 stream,
++
+   /usr/lib/dovecot/stats mr,
+ 
+   # Site-specific additions and overrides. See local/README for details.
diff --git a/apparmor.changes b/apparmor.changes
index cd774e0..37da417 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jul 15 23:02:25 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
+
 -------------------------------------------------------------------
 Mon Jun  7 19:30:20 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index f75af5f..366ce47 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -84,6 +84,9 @@ Patch7:         crypto-policies-mr720.diff
 # extend abstractions/php for PHP 8 (accepted upstream 2021-05-24 - https://gitlab.com/apparmor/apparmor/-/merge_requests/755)
 Patch8:         abstractions-php8.diff
 
+# allow Prometheus metrics end-point (submitted upstream 2021-07-19 - https://gitlab.com/apparmor/apparmor/-/merge_requests/776)
+Patch9:         apparmor-dovecot-stats-metrics.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -348,6 +351,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch5
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 %build
 %define _lto_cflags %{nil}