diff --git a/apparmor.d/profiles-a-f/chsh b/apparmor.d/profiles-a-f/chsh index 61885ed4..f73ae670 100644 --- a/apparmor.d/profiles-a-f/chsh +++ b/apparmor.d/profiles-a-f/chsh @@ -10,26 +10,19 @@ include @{exec_path} = @{bin}/chsh profile chsh @{exec_path} { include - include include include + include - # To write records to the kernel auditing log. capability audit_write, - - # To set the right permission to the files in the /etc/ dir. capability chown, capability fsetid, - - # gpasswd is a SETUID binary capability setuid, network netlink raw, @{exec_path} mr, - owner @{PROC}/@{pid}/loginuid r, - /etc/shells r, /etc/passwd rw, @@ -44,6 +37,8 @@ profile chsh @{exec_path} { # modify the /etc/passwd or /etc/shadow password database. /etc/.pwd.lock rwk, + owner @{PROC}/@{pid}/loginuid r, + include if exists } diff --git a/apparmor.d/profiles-s-z/useradd b/apparmor.d/profiles-s-z/useradd index 42ab8760..0fbb9aa6 100644 --- a/apparmor.d/profiles-s-z/useradd +++ b/apparmor.d/profiles-s-z/useradd @@ -53,9 +53,9 @@ profile useradd @{exec_path} { # To create user dirs and copy files from /etc/skel/ to them @{HOME}/ rw, - @{HOME}/.* w, + @{HOME}/.** w, /var/lib/*/{,*} rw, - /etc/skel/{,.*} r, + /etc/skel/{,.**} r, profile pam_tally2 { include diff --git a/tests/bats/chsh.bats b/tests/bats/chsh.bats index 42cfa115..5365fea6 100644 --- a/tests/bats/chsh.bats +++ b/tests/bats/chsh.bats @@ -11,7 +11,7 @@ setup_file() { # bats test_tags=chsh @test "chsh: [l]ist available shells" { - chsh --list-shells + chsh --list-shells || true aa_check } diff --git a/tests/bats/lsusb.bats b/tests/bats/lsusb.bats index 530841a2..8f646d89 100644 --- a/tests/bats/lsusb.bats +++ b/tests/bats/lsusb.bats 
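Review bot: In the first chsh hunk the comments that justified `capability audit_write` and `capability chown`/`capability fsetid` are dropped with nothing in their place, which leaves the four capabilities in this profile unexplained. The removed `# gpasswd is a SETUID binary` line was wrong for chsh and is rightly gone. I would keep one-line rationales for the others, such as `# Write records to the kernel audit log` and `# Set the right ownership/permissions on files under /etc/`, so a later least-privilege review can tell which capability backs which operation. The include targets are not readable in this view, so the abstraction swap is not assessed here.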
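Review bot: In the useradd hunk, `@{HOME}/.** w` now grants write on every path beneath any dot entry of every home directory that `@{HOME}` expands to, not only top-level dotfiles. A confined useradd can therefore write into the contents of existing users' `.ssh/` or `.gnupg/` directories. A static profile cannot scope the rule to the home being created, so if the recursion is needed for nested /etc/skel directories, the comment above the rules should say so, e.g. `# .** because /etc/skel may hold nested dot-directories (.config/...); this also matches existing homes`. Non-hidden skel entries still look uncovered by both rules, which is worth confirming. The profile body starts and ends outside the hunk.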
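Review bot: In tests/bats/chsh.bats, `chsh --list-shells || true` discards the exit status, so the test now passes even when chsh is absent, rejects the option, or is blocked before it does any work. `aa_check` (defined outside this diff, presumably checking for logged denials) then has nothing to find. If the goal is to tolerate one known failure, capture it instead: `run chsh --list-shells` followed by an assertion on the accepted `$status` values, or `command -v chsh >/dev/null || skip "chsh not installed"` ahead of the call. The same applies to the three `lsusb ... || true` lines in tests/bats/lsusb.bats.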
@@ -11,18 +11,18 @@ setup_file() {
 # bats test_tags=lsusb
 @test "lsusb: List all the USB devices available" {
- lsusb
+ lsusb || true
 aa_check
 }
 # bats test_tags=lsusb
 @test "lsusb: List the USB hierarchy as a tree" {
- lsusb -t
+ lsusb -t || true
 aa_check
 }
 # bats test_tags=lsusb
 @test "lsusb: List verbose information about USB devices" {
- lsusb --verbose
+ lsusb --verbose || true
 aa_check
 }