diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
index e3e97f718..6c9bf2dd5 100644
--- a/apparmor.d/tunables/multiarch.d/system
+++ b/apparmor.d/tunables/multiarch.d/system
@@ -56,6 +56,7 @@
 # Name of the systemd profile: unconfined || systemd
 @{systemd}=unconfined
+@{systemd_user}=unconfined
 # Udev data dynamic assignment ranges
 @{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254
diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index 82390c7f3..d16f38f70 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
@@ -206,6 +206,7 @@ func SetFullSystemPolicy() ([]string, error) {
 return res, err
 }
 out := strings.Replace(string(content), "@{systemd}=unconfined", "@{systemd}=systemd", -1)
+ out = strings.Replace(out, "@{systemd_user}=unconfined", "@{systemd_user}=systemd-user", -1)
 if err := path.WriteFile([]byte(out)); err != nil {
 return res, err
 }
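Review bot: The new `@{systemd_user}` tunable in the `@@ -56,6 +56,7 @@` hunk has no comment of its own, and the one above it, `# Name of the systemd profile: unconfined || systemd`, only describes `@{systemd}`. The prepare.go change in this commit rewrites the new variable to `systemd-user`, so the accepted values differ. I would add a line such as `# Name of the systemd user profile: unconfined || systemd-user` directly above the new assignment, so anyone editing the tunable by hand knows which profile name enables confinement.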
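Review bot: The added `strings.Replace` for `@{systemd_user}` is a silent no-op when the tunables file does not contain the exact text `@{systemd_user}=unconfined` (for example after a spacing change or a rename). SetFullSystemPolicy would then return without error while the systemd user instance stays unconfined. For a step whose purpose is to turn confinement on, failing closed is safer: check before replacing, e.g. `if !strings.Contains(out, "@{systemd_user}=unconfined") { return res, errors.New("tunable @{systemd_user}=unconfined not found") }`, assuming `errors` is or can be imported in this file. The same applies to the existing `@{systemd}` replacement on the context line above. The function body starts and ends outside this hunk, so an equivalent check may already exist elsewhere.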