diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go
index 67197e53..49d68010 100644
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@@ -82,7 +82,7 @@ var (
 `/sys/`, `@{sys}/`,
 `@{PROC}@{sys}/`, `@{PROC}/sys/`,
 `pci` + strings.Repeat(h, 4) + `:` + strings.Repeat(h, 2), `@{pci_bus}`,
- `@{pci_bus}/[0-9a-f:*./]*`, `@{pci}/`,
+ `@{pci_bus}/[0-9a-f:*./]*/`, `@{pci}/`,
 `1000`, `@{uid}`,
 // Some system glob
diff --git a/pkg/logs/logs_test.go b/pkg/logs/logs_test.go
index c70909dc..0b14ba99 100644
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@@ -247,6 +247,26 @@ func TestNew(t *testing.T) {
 path: filepath.Join(testdata, "audit.log"),
 want: refPowerProfiles,
 },
+ {
+ name: "signal-desktop",
+ path: filepath.Join(testdata, "audit.log"),
+ want: AppArmorLogs{
+ {
+ "apparmor": "ALLOWED",
+ "profile": "signal-desktop",
+ "operation": "open",
+ "class": "file",
+ "name": "@{sys}/devices/@{pci}/boot_vga",
+ "comm": "signal-desktop",
+ "requested_mask": "r",
+ "denied_mask": "r",
+ "fsuid": "1000",
+ "ouid": "0",
+ "FSUID": "user",
+ "OUID": "root",
+ },
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
diff --git a/tests/testdata/logs/audit.log b/tests/testdata/logs/audit.log
index 0680d2a7..ed897ea6 100644
--- a/tests/testdata/logs/audit.log
+++ b/tests/testdata/logs/audit.log
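Review bot: The new pattern `@{pci_bus}/[0-9a-f:*./]*/` in the `var (` table can still swallow whole path components, because `/` and the hex letters both sit inside the class. Any component after the device address that consists only of `[0-9a-f:*.]` characters would be folded into `@{pci}/`. A name that ends at the device directory with no trailing slash no longer matches at all and keeps its `@{pci_bus}/…` form. If these normalised names end up in generated profile rules (not visible here), either case changes which paths a rule covers. I would record the intent beside the pair, `// trailing "/" stops the class from consuming leading hex letters of the next component (e.g. the b of boot_vga)`, and consider matching the address components explicitly; the table starts and ends outside the hunk.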
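Review bot: The added `signal-desktop` case in `TestNew` pins only one path shape: a device address followed by a component that merely starts with a hex letter (`boot_vga`). Two boundary inputs of the rewritten PCI pattern are not exercised: a name that stops at the device directory, and a following component made entirely of hex characters. I would add fixture lines for both, for example a constructed `name="/sys/devices/pci0000:00/0000:00:02.0"`, with the expected `"name"` value stated in the table, so the intended result is fixed either way. `TestNew` starts and ends outside the hunk.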
@@ -53,4 +53,5 @@ profile="sddm-greeter" operation="setsockopt" class="net" comm="sddm-greeter" f
 type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable" class="cap" profile="xorg" pid=16195 comm="Xorg.bin" capability=17 capname="sys_rawio"
 type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="getattr" class="file" profile="pacman//null-/usr/share/code-features/patch.py" name="/etc/ld.so.preload" pid=18817 comm="patch.py" requested_mask="r" denied_mask="r" fsuid=0 ouid=0FSUID="root" OUID="root"
 type=AVC msg=audit(1111111111.111:1111): apparmor="ALLOWED" operation="capable" class="cap" info="optional: no audit" error=-1 profile="pacman" comm="killall" capability=19 capname="sys_ptrace"
+apparmor="ALLOWED" operation="open" class="file" profile="signal-desktop" name="/sys/devices/pci0000:00/0000:00:02.0/boot_vga" comm="signal-desktop" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 FSUID="user" OUID="root"