diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 6db0e651..4666ac45 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -267,16 +267,21 @@ jobs:
 docker exec test docker info
 docker exec test ./integration-docker.sh
 docker rm -f test
- - name: "Docker Integration test: net=pasta, port-driver=implicit"
+ - name: "Docker Integration test: net=gvisor-tap-vsock, port-driver=builtin"
 run: |
- docker run -d --name test --network custom --privileged -e DOCKERD_ROOTLESS_ROOTLESSKIT_NET=pasta -e DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=implicit rootlesskit:test-integration-docker
+ docker run -d --name test --network custom --privileged -e DOCKERD_ROOTLESS_ROOTLESSKIT_NET=gvisor-tap-vsock -e DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=builtin rootlesskit:test-integration-docker
 sleep 2
 docker exec test docker info
 docker exec test ./integration-docker.sh
 docker rm -f test
- - name: "Docker Integration test: net=gvisor-tap-vsock, port-driver=builtin"
+ - name: "Teardown AppArmor before running pasta tests"
 run: |
- docker run -d --name test --network custom --privileged -e DOCKERD_ROOTLESS_ROOTLESSKIT_NET=gvisor-tap-vsock -e DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=builtin rootlesskit:test-integration-docker
+ sudo aa-teardown || true
+ sudo systemctl stop apparmor
+ sudo systemctl restart docker
+ - name: "Docker Integration test: net=pasta, port-driver=implicit"
+ run: |
+ docker run -d --name test --network custom --privileged -e DOCKERD_ROOTLESS_ROOTLESSKIT_NET=pasta -e DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=implicit rootlesskit:test-integration-docker
 sleep 2
 docker exec test docker info
 docker exec test ./integration-docker.sh
diff --git a/hack/integration-docker.sh b/hack/integration-docker.sh
index 23cdc449..ef58f0f1 100755
--- a/hack/integration-docker.sh
+++ b/hack/integration-docker.sh
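Review bot: The new `Teardown AppArmor before running pasta tests` step removes the runner's mandatory access control for the remainder of the job without a comment recording why, so the next maintainer cannot tell whether it is still needed or which component it works around; a comment above the step such as `# pasta tests need AppArmor disabled on the runner because <reason>; see <tracking issue>. Keep this step after the other net drivers so they still run confined.` would capture both the reason and the ordering constraint. Because every later step runs unconfined, placing this step directly before the pasta test, as the hunk does, is the right order and should be preserved if more drivers are added. `sudo systemctl stop apparmor` is not tolerated the way `sudo aa-teardown || true` is, so on a runner image without that unit the job fails in this step rather than in the pasta test; `sudo systemctl stop apparmor || true` would make the two lines consistent if best-effort is the intent. The docker restart presumably keeps the `custom` network and the `rootlesskit:test-integration-docker` image from earlier steps, but that is not visible in this hunk.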
@@ -3,19 +3,23 @@ source $(realpath $(dirname $0))/common.inc.sh
 nonloopback="$(hostname -I | awk '{print $1}')"
+
+SLEEP_SECS=2
+[ "$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER" = "implicit" ] && SLEEP_SECS=10
+
 docker rm -f nginx >/dev/null 2>&1 || true
 CURL="curl -fsSL"
 set -x
 docker run -d --name=nginx -p 8080:80 nginx:alpine
-sleep 2
+sleep "$SLEEP_SECS"
 $CURL "http://127.0.0.1:8080"
 $CURL "http://${nonloopback}:8080"
 docker rm -f nginx
 docker run -d --name=nginx -p 127.0.0.1:8080:80 nginx:alpine
-sleep 2
+sleep "$SLEEP_SECS"
 $CURL "http://127.0.0.1:8080"
 $CURL "http://${nonloopback}:8080" && ( ERROR "should fail"; exit 1 )
 docker rm -f nginx
@@ -24,7 +28,7 @@ docker rm -f nginx
 # "Error starting userland proxy: listen tcp4 172.18.0.2:8080: bind: cannot assign requested address."
 if [ "$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER" != "implicit" ]; then
 docker run -d --name=nginx -p "${nonloopback}:8080:80" nginx:alpine
- sleep 2
+ sleep "$SLEEP_SECS"
 $CURL "http://127.0.0.1:8080" && ( ERROR "should fail"; exit 1 )
 $CURL "http://${nonloopback}:8080"
 docker rm -f nginx
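Review bot: `SLEEP_SECS=10` for the implicit port driver is a hard-coded settle time with no comment saying what is slow, and it is the same fixed-sleep pattern as the old `sleep 2`, only longer; polling the URL that is expected to answer, with `SLEEP_SECS` as the upper bound, removes the guess and fails with a clear message instead of an opaque curl error. The same replacement applies to the `sleep "$SLEEP_SECS"` in the second hunk (`@@ -24,7 +28,7 @@`), where the expected-good URL is `http://${nonloopback}:8080`. If the sleep is kept, at least add above the assignment `# implicit port driver: the published port becomes reachable later than with the builtin driver — TODO confirm and link the issue`. Separately, in the unchanged context lines, `exit 1` inside `( ERROR "should fail"; exit 1 )` terminates only the subshell, so unless common.inc.sh enables `set -e` the negative reachability checks do not abort the script; `{ ERROR "should fail"; exit 1; }` does.
```shell
# … unchanged: SLEEP_SECS selection …

# Poll the URL that must answer, for up to SLEEP_SECS seconds, instead of sleeping blindly.
wait_for_url() {
  local i
  for i in $(seq 1 "$SLEEP_SECS"); do
    $CURL -o /dev/null "$1" && return 0
    sleep 1
  done
  ERROR "$1 did not answer within ${SLEEP_SECS}s"
  exit 1
}

# … unchanged: docker rm, CURL, set -x …
docker run -d --name=nginx -p 8080:80 nginx:alpine
wait_for_url "http://127.0.0.1:8080"
# … unchanged: the two curl checks and docker rm …
docker run -d --name=nginx -p 127.0.0.1:8080:80 nginx:alpine
wait_for_url "http://127.0.0.1:8080"
# … unchanged: positive check, negative check on ${nonloopback}, docker rm …
```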