diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 4797a9219..da5a683ad 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -67,13 +67,8 @@ func (p *AppArmorProfile) resolve(str string) []string {
 		if len(match) > 1 {
 			variable := match[0]
 			varname := match[1]
-			if len(p.Variables[varname]) > 1 {
-				for _, value := range p.Variables[varname] {
-					newVar := strings.ReplaceAll(str, variable, value)
-					vars = append(vars, p.resolve(newVar)...)
-				}
-			} else {
-				newVar := strings.ReplaceAll(str, variable, p.Variables[varname][0])
+			for _, value := range p.Variables[varname] {
+				newVar := strings.ReplaceAll(str, variable, value)
 				vars = append(vars, p.resolve(newVar)...)
 			}
 		} else {
diff --git a/pkg/aa/profile_test.go b/pkg/aa/profile_test.go
index 1f083a2da..c66f793c2 100644
--- a/pkg/aa/profile_test.go
+++ b/pkg/aa/profile_test.go
@@ -93,6 +93,34 @@ func TestAppArmorProfile_ParseVariables(t *testing.T) {
 	}
 }
 
+func TestAppArmorProfile_resolve(t *testing.T) {
+	tests := []struct {
+		name      string
+		variables map[string][]string
+		input     string
+		want      []string
+	}{
+		{
+			name:      "empty",
+			variables: Tunables,
+			input:     "@{}",
+			want:      []string{"@{}"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &AppArmorProfile{
+				Content:     "",
+				Variables:   tt.variables,
+				Attachments: []string{},
+			}
+			if got := p.resolve(tt.input); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("AppArmorProfile.resolve() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
 func TestAppArmorProfile_ResolveAttachments(t *testing.T) {
 	tests := []struct {
 		name      string