diff --git a/debian/apparmor/ubuntu_pro_esm_cache.jinja2 b/debian/apparmor/ubuntu_pro_esm_cache.jinja2
index a0d5bc9c22..b7f0220819 100644
--- a/debian/apparmor/ubuntu_pro_esm_cache.jinja2
+++ b/debian/apparmor/ubuntu_pro_esm_cache.jinja2
@@ -218,6 +218,8 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
     / r,
     /etc/dpkg/** r,
 
+    # there are just too many shell script tools that are called, like head,
+    # tail, cut, sed, etc
     /{,usr/}bin/* mrix,
 
     /usr/lib/apt/methods/gpgv mr,