diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart
index 52728d29..e628de5f 100644
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@@ -30,7 +30,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   @{bin}/python3.[0-9]*                    rix,
   @{bin}/sed                               rix,
   @{bin}/stty                              rix,
-  @{bin}/systemctl                         rPx,
+  @{bin}/systemctl                         rPx -> child-systemctl,
   @{bin}/systemd-detect-virt               rPx,
   @{bin}/udevadm                           rPx,
   @{bin}/whiptail                          rPx,
@@ -49,6 +49,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   /etc/shadow r,
 
   /boot/ r,
+  /boot/intel-ucode.img r,
   /boot/vmlinuz* r,
 
   owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
@@ -65,4 +66,4 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   /dev/**/ r,
 
   include if exists <local/needrestart>
-}
\ No newline at end of file
+}