diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch
deleted file mode 100644
index a4c13fd..0000000
--- a/apparmor-no-mount.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Index: libvirt-5.1.0/src/security/apparmor/libvirt-lxc
-===================================================================
---- libvirt-5.1.0.orig/src/security/apparmor/libvirt-lxc
-+++ libvirt-5.1.0/src/security/apparmor/libvirt-lxc
-@@ -2,39 +2,15 @@
- 
- #include 
- 
-- umount,
--
-- # ignore DENIED message on / remount
-- deny mount options=(ro, remount) -> /,
--
-- # allow tmpfs mounts everywhere
-- mount fstype=tmpfs,
--
-- # allow mqueue mounts everywhere
-- mount fstype=mqueue,
--
-- # allow fuse mounts everywhere
-- mount fstype=fuse.*,
--
-- # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
-- mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
-+ # deny writes in /proc/sys/fs
- deny @{PROC}/sys/fs/** wklx,
- 
-- # allow efivars to be mounted, writing to it will be blocked though
-- mount fstype=efivarfs -> /sys/firmware/efi/efivars/,
--
- # block some other dangerous paths
- deny @{PROC}/sysrq-trigger rwklx,
- deny @{PROC}/mem rwklx,
- deny @{PROC}/kmem rwklx,
- 
-- # deny writes in /sys except for /sys/fs/cgroup, also allow
-- # fusectl, securityfs and debugfs to be mounted there (read-only)
-- mount fstype=fusectl -> /sys/fs/fuse/connections/,
-- mount fstype=securityfs -> /sys/kernel/security/,
-- mount fstype=debugfs -> /sys/kernel/debug/,
-- mount fstype=proc -> /proc/,
-- mount fstype=sysfs -> /sys/,
-+ # deny writes in /sys
- deny /sys/firmware/efi/efivars/** rwklx,
- deny /sys/kernel/security/** rwklx,
- 
diff --git a/libvirt.changes b/libvirt.changes
index 2dc9acd..ac9457b 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 21 21:40:06 UTC 2019 - James Fehlig
+
+- apparmor: reintroduce upstream lxc mount rules
+ Drop apparmor-no-mount.patch
+ bsc#1130129
+
 -------------------------------------------------------------------
 Fri Mar 15 23:21:06 UTC 2019 - James Fehlig
 
diff --git a/libvirt.spec b/libvirt.spec
index 19ef203..79d1e05 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -367,11 +367,10 @@ Patch208: suse-apparmor-libnl-paths.patch
 Patch209: support-managed-pci-xen-driver.patch
 Patch210: xen-sxpr-disk-type.patch
 Patch211: libxl-support-block-script.patch
-Patch212: apparmor-no-mount.patch
-Patch213: qemu-apparmor-screenshot.patch
-Patch214: libvirt-suse-netcontrol.patch
-Patch215: lxc-wait-after-eth-del.patch
-Patch216: suse-libxl-disable-autoballoon.patch
+Patch212: qemu-apparmor-screenshot.patch
+Patch213: libvirt-suse-netcontrol.patch
+Patch214: lxc-wait-after-eth-del.patch
+Patch215: suse-libxl-disable-autoballoon.patch
 # SLES-Only patches
 %if ! 0%{?is_opensuse}
 Patch400: virt-create-rootfs.patch
@@ -910,7 +909,6 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch213 -p1
 %patch214 -p1
 %patch215 -p1
-%patch216 -p1
 %if ! 0%{?is_opensuse}
 %patch400 -p1
 %endif
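Review bot: Renumbering Patch213–216 down to Patch212–215 in the first libvirt.spec hunk is cosmetic churn that forces the matching `%patch` lines in the second hunk to shift as well; removing only `Patch212: apparmor-no-mount.patch` and `%patch212 -p1` and leaving the gap would keep the rest of the patch list and apply sequence untouched and make the diff show exactly what was dropped. With apparmor-no-mount.patch gone, the libvirt-lxc AppArmor profile is now the unmodified upstream one, which, judging by the lines the deleted patch used to remove, permits tmpfs, mqueue, fuse, proc, sysfs and similar mounts inside containers instead of denying them; that widening is the security-relevant effect of this commit and is only implied by the changelog. A one-line comment next to the remaining apparmor patches, `# libvirt-lxc profile uses upstream mount rules, see bsc#1130129`, would record for the next packager why the SUSE restriction was removed and what to re-evaluate if the profile is tightened again.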