diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart
index 2470c527f..567c744b8 100644
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@@ -26,7 +26,6 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mrix,
 
-  @{bin}/*                                 r,
   @{sh_path}                               rix,
   @{bin}/dpkg-query                        rpx,
   @{bin}/fail2ban-server                   rPx,
@@ -43,11 +42,6 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   @{lib}/needrestart/*                     rPx,
   /usr/share/debconf/frontend              rix,
 
-  @{att}/@{lib}/@{python_name}/**          r,
-
-  /usr/share/needrestart/{,**} r,
-  /usr/share/unattended-upgrades/unattended-upgrade-shutdown r,
-
   /etc/debconf.conf r,
   /etc/init.d/* r,
   /etc/needrestart/{,**} r,
@@ -56,11 +50,14 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
 
   / r,
   /boot/ r,
-  /boot/intel-ucode.img r,
-  /boot/vmlinuz* r,
-
-  owner /var/lib/juju/agents/{,**} r,
-  owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk,
+  /boot/* r,
+  /opt/*/** r,
+  @{bin}/* r,
+  @{lib}/** r,
+  @{sbin}/** r,
+  @{att}/@{lib}/** r,
+  /usr/share/** r,
+  /var/lib/*/** r,
 
   /tmp/@{word10}/ rw,