diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict
index 72babfb9..7c6f49e3 100644
--- a/apparmor.d/abstractions/nameservice-strict
+++ b/apparmor.d/abstractions/nameservice-strict
@@ -7,6 +7,7 @@
   /etc/hosts r,
   /etc/host.conf r,
   /etc/resolv.conf r,
+  @{run}/systemd/resolve/stub-resolv.conf r,
   /etc/nsswitch.conf r,
   /etc/passwd r,
   /etc/gai.conf r,
@@ -16,8 +17,8 @@
   /etc/services r,
 
   # NSS records from systemd-userdbd.service
-  /{var,}run/systemd/userdb/ r,
-  /{var,}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
+  @{run}/systemd/userdb/ r,
+  @{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
   @{PROC}/sys/kernel/random/boot_id r,
 
-  include if exists <abstractions/nameservice-strict.d>
\ No newline at end of file
+  include if exists <abstractions/nameservice-strict.d>