diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd
index 1ca6e0e0..68b75348 100644
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@@ -10,6 +10,7 @@ include <tunables/global>
 profile zsysctl @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/dbus-strict>
+  include <abstractions/nameservice-strict>
 
   capability sys_ptrace,
   capability sys_admin,
@@ -18,13 +19,9 @@ profile zsysctl @{exec_path} flags=(complain) {
        interface=org.freedesktop.PolicyKit1.Authority
        member=CheckAuthorization,
 
-  @{exec_path}          rm,
-  /{usr/,}bin/zsysctl   rix,
-  /{usr/,}bin/zsysd     rix,
+  @{exec_path} rmix,
 
   /etc/hostid r,
-  /etc/passwd r,
-  /etc/nsswitch.conf r,
   /etc/zsys.conf r,
   
   /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,