diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict
index 5e116769..7c6f49e3 100644
--- a/apparmor.d/abstractions/nameservice-strict
+++ b/apparmor.d/abstractions/nameservice-strict
@@ -17,8 +17,8 @@
   /etc/services r,
 
   # NSS records from systemd-userdbd.service
-  /{var,}run/systemd/userdb/ r,
-  /{var,}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
+  @{run}/systemd/userdb/ r,
+  @{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
   @{PROC}/sys/kernel/random/boot_id r,
 
   include if exists <abstractions/nameservice-strict.d>