diff --git a/apparmor.d/profiles-m-r/rsyslogd b/apparmor.d/profiles-m-r/rsyslogd index 599fac88f..80d75a928 100644 --- a/apparmor.d/profiles-m-r/rsyslogd +++ b/apparmor.d/profiles-m-r/rsyslogd @@ -7,15 +7,10 @@ abi , include -# Debugging the syslogger can be difficult if it can't write to the file -# that the kernel is logging denials to. In these cases, you can do the -# following: -# watch -n 1 'dmesg | tail -5' - @{exec_path} = @{sbin}/rsyslogd profile rsyslogd @{exec_path} { include - include + include capability chown, # For creating new log files and changing their owner/group capability net_admin, # For remote logs @@ -24,18 +19,19 @@ profile rsyslogd @{exec_path} { capability sys_nice, capability syslog, + network inet dgram, + network inet6 dgram, + signal receive set=hup peer=@{p_systemd}, @{exec_path} mr, + @{sh_path} mr, @{lib}/@{multiarch}/rsyslog/*.so mr, /etc/rsyslog.conf r, /etc/rsyslog.d/{,**} r, - /etc/CA/*.crt r, - /etc/CA/*.key r, - /var/log/** rw, /var/spool/rsyslog/ r, /var/spool/rsyslog/** rw, diff --git a/tests/check.sh b/tests/check.sh index 801e81114..28adc7710 100644 --- a/tests/check.sh +++ b/tests/check.sh @@ -93,7 +93,7 @@ _check() { # Rules checks: security, compatibility and rule issues readonly ABS="abstractions" -readonly ABS_DANGEROUS=(dbus-session dbus-system dbus-accessibility user-tmp) +readonly ABS_DANGEROUS=(dbus dbus-session dbus-system dbus-accessibility user-tmp) declare -A ABS_DEPRECATED=( ["nameservice"]="nameservice-strict" ["bash"]="shell" @@ -142,7 +142,7 @@ _check_equivalent() { _is_enabled equivalent || return 0 local prgmname for prgmname in "${!EQUIVALENTS[@]}"; do - if [[ "$line" == *"/$prgmname"* ]]; then + if [[ "$line" == *"/$prgmname "* ]]; then if [[ ! "$line" == *"${EQUIVALENTS[$prgmname]}"* ]]; then _err compatibility "$file:$line_number" "missing equivalent program: '@{bin}/$prgmname' instead of '@{bin}/${EQUIVALENTS[$prgmname]}'" fi 
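Review bot: In the second rsyslogd hunk (`@@ -24,18 +19,19 @@`) the new network rules allow only `dgram`, while the profile keeps `capability net_admin` with the comment "For remote logs" and the same hunk drops the `/etc/CA/*.crt` and `/etc/CA/*.key` reads. Unless one of the includes grants it (their names are not visible on this page), a host that forwards or receives logs over TCP or TLS would be denied under this profile, and remote log delivery may stop. If UDP-only is intended, say so in the profile, e.g. `# UDP syslog only; TCP/TLS forwarding needs a local override`; otherwise add `network inet stream,` and `network inet6 stream,`. The new `@{sh_path} mr,` rule also needs a why-comment, since mapping a shell into a logging daemon is not self-explanatory.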
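Review bot: In the `tests/check.sh` hunk at `@@ -93,7 +93,7 @@`, `ABS_DANGEROUS` gains `dbus`, but the array still has no comment saying why these abstractions are flagged or what a profile author should use instead. `ABS_DEPRECATED` just below it at least maps each entry to its replacement. A one-line comment above the array would help, for example `# Abstractions considered too broad for a confined profile; use narrower rules instead`, with the wording confirmed against what the check actually reports.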
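Review bot: In `_check_equivalent` (hunk `@@ -142,7 +142,7 @@`) the new pattern `*"/$prgmname "*` matches only when the program name is followed by a literal space, so a path that ends the line, or is followed by a comma or a tab, is no longer checked. That likely includes lines of the form `@{exec_path} = @{bin}/<name>`, where nothing follows the name. Matching on a delimiter class keeps the stricter match without those misses: `if [[ "$line" =~ /"$prgmname"([[:space:],]|$) ]]; then`. The function's loop end and closing brace lie outside the hunk.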
@@ -373,7 +373,7 @@ check_profiles() { ) jobs=0 WITH_CHECK=( - equivalent + abstractions equivalent abi include profile header tabs trailing indentation subprofiles vim ) for file in "${files[@]}"; do @@ -393,7 +393,7 @@ check_abstractions() { mapfile -t files < <(find "$APPARMORD/abstractions" -type f -not -path "$APPARMORD/abstractions/*.d/*") jobs=0 WITH_CHECK=( - equivalent + abstractions equivalent abi include header tabs trailing indentation vim ) for file in "${files[@]}"; do @@ -414,7 +414,7 @@ check_abstractions() { # shellcheck disable=SC2034 jobs=0 WITH_CHECK=( - equivalent + abstractions equivalent header tabs trailing indentation vim ) for file in "${files[@]}"; do