diff --git a/apparmor.d/profiles-s-z/usb-devices b/apparmor.d/profiles-s-z/usb-devices
index 7b12a9726..271ebfb98 100644
--- a/apparmor.d/profiles-s-z/usb-devices
+++ b/apparmor.d/profiles-s-z/usb-devices
@@ -9,8 +9,12 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/usb-devices
 profile usb-devices @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/devices-usb>
 
+       capability dac_read_search,
+  deny capability dac_override,
+
   @{exec_path} r,
   /{usr/,}bin/{,ba,da}sh rix,