diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl
index a6d734e9..0a65609e 100644
--- a/apparmor.d/groups/systemd/journalctl
+++ b/apparmor.d/groups/systemd/journalctl
@@ -8,9 +8,10 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}bin/journalctl
-profile systemd-journalctl @{exec_path} {
+profile journalctl @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
   include <abstractions/systemd-common>
 
   capability sys_resource,
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index 63688837..5acbbadf 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -82,6 +82,7 @@ profile systemd-logind @{exec_path} flags=(complain) {
   @{sys}/firmware/efi/efivars/LoaderFeatures-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,
 
   @{PROC}/@{pid}/cgroup r,
+  @{PROC}/@{pid}/comm r,
   @{PROC}/@{pid}/fd/ r,
   @{PROC}/@{pid}/sessionid r,
   @{PROC}/@{pid}/stat r,
diff --git a/apparmor.d/groups/systemd/systemd-machined b/apparmor.d/groups/systemd/systemd-machined
index 113db353..4dbc8e33 100644
--- a/apparmor.d/groups/systemd/systemd-machined
+++ b/apparmor.d/groups/systemd/systemd-machined
@@ -11,14 +11,24 @@ profile systemd-machined @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/systemd-common>
 
+  capability chown,
+  capability dac_override,
+  capability dac_read_search,
+  capability fowner,
+  capability fsetid,
+  capability kill,
+  capability mknod,
+  capability setgid,
+  capability sys_admin,
+  capability sys_chroot,
   capability sys_ptrace,
 
   @{exec_path} mr,
 
   /etc/machine-id r,
 
+  @{run}/systemd/machines/{,**} r,
   @{run}/systemd/userdb/io.systemd.Machine rw,
-  @{run}/systemd/machines/ r,
 
   include if exists <local/systemd-machined>
 }