diff --git a/install_files/ansible-base/roles/app/handlers/main.yml b/install_files/ansible-base/roles/app/handlers/main.yml
index 212779cd15..4985ec0974 100644
--- a/install_files/ansible-base/roles/app/handlers/main.yml
+++ b/install_files/ansible-base/roles/app/handlers/main.yml
@@ -19,6 +19,13 @@
     name: securedrop_worker
     state: present
 
+## Here, we list apparmor before haveged to ensure the correct AppArmor
+## profile is loaded prior to restarting haveged
+- name: restart apparmor
+  service:
+    name: apparmor
+    state: restarted
+
 - name: restart haveged
   service:
     name: haveged
diff --git a/install_files/ansible-base/roles/app/tasks/configure_haveged.yml b/install_files/ansible-base/roles/app/tasks/configure_haveged.yml
index 147a5cd6b5..131c316cd4 100644
--- a/install_files/ansible-base/roles/app/tasks/configure_haveged.yml
+++ b/install_files/ansible-base/roles/app/tasks/configure_haveged.yml
@@ -75,6 +75,9 @@
     line: "After=apparmor.service systemd-random-seed.service"
     backrefs: yes
   when: haveged_apparmor.stat.exists
+  notify:
+    - restart apparmor
+    - restart haveged
   tags:
     - haveged
     - hardening