diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart
index 0fe5da82d..0a7934df0 100644
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@@ -24,12 +24,16 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mrix,
 
   /{usr/,}bin/{,ba,da}sh                        rix,
+  /{usr/,}bin/cat                               rix,
   /{usr/,}bin/dpkg-query                        rpx,
   /{usr/,}bin/fail2ban-server                   rPx,
+  /{usr/,}bin/gettext                           rix,
   /{usr/,}bin/locale                            rix,
+  /{usr/,}bin/pacman                            rix,
   /{usr/,}bin/python3.[0-9]*                    rix,
   /{usr/,}bin/sed                               rix,
   /{usr/,}bin/stty                              rix,
+  /{usr/,}bin/su                                rPx,
   /{usr/,}bin/systemctl                         rPx,
   /{usr/,}bin/systemd-detect-virt               rPx,
   /{usr/,}bin/udevadm                           rPx,
@@ -43,15 +47,18 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   /usr/share/needrestart/{,**} r,
   /usr/share/unattended-upgrades/unattended-upgrade-shutdown r,
 
-  /etc/debconf.conf r,
-  /etc/needrestart/{,**} r,
-  /etc/needrestart/*.d/* rix,
-  /etc/shadow r,
+        /etc/debconf.conf r,
+        /etc/needrestart/{,**} r,
+        /etc/needrestart/*.d/* rix,
+        /etc/shadow r,
+  owner /etc/pacman.conf r,
+  owner /etc/pacman.d/* r,
 
   /boot/ r,
   /boot/vmlinuz* r,
 
   owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
+  owner /var/lib/pacman/local/{,**} r,
 
         @{PROC}/ r,
         @{PROC}/@{pids}/cgroup r,
@@ -65,4 +72,4 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   /dev/**/ r,
 
   include if exists <local/needrestart>
-}
\ No newline at end of file
+}