diff --git a/apparmor.d/abstractions/nameservice b/apparmor.d/abstractions/nameservice
index 12ea151..a26c10d 100644
--- a/apparmor.d/abstractions/nameservice
+++ b/apparmor.d/abstractions/nameservice
@@ -94,6 +94,12 @@
   network inet  dgram,
   network inet6 dgram,
 
+  # TODO: replace with more specific "unix" rules once support for them
+  # arrives in the Linux kernel (probably in 4.15) and gives us detailed
+  # log messages
+  network unix dgram,
+  network unix stream,
+
   # TODO: adjust when support finer-grained netlink rules
   # Netlink raw needed for nscd
   network netlink raw,
diff --git a/apparmor.d/sbin.dhclient b/apparmor.d/sbin.dhclient
index 1064e25..f432bf3 100644
--- a/apparmor.d/sbin.dhclient
+++ b/apparmor.d/sbin.dhclient
@@ -17,6 +17,9 @@
   network packet,
   network raw,
 
+  network unix dgram,
+  network unix stream,
+
   @{PROC}/[0-9]*/net/ r,
   @{PROC}/[0-9]*/net/** r,
 
@@ -90,12 +93,15 @@
 
   /run/NetworkManager/private-dhcp rw,
   signal (send) peer=/sbin/dhclient,
+  signal (send) peer=dhclient,
 
   /var/lib/NetworkManager/*lease r,
   signal (receive) peer=/usr/sbin/NetworkManager,
   ptrace (readby) peer=/usr/sbin/NetworkManager,
   network inet dgram,
   network inet6 dgram,
+
+  network unix stream,
 }
 
 /usr/lib/connman/scripts/dhclient-script {
diff --git a/apparmor.d/usr.sbin.cupsd b/apparmor.d/usr.sbin.cupsd
index e0c7e40..469e24f 100644
--- a/apparmor.d/usr.sbin.cupsd
+++ b/apparmor.d/usr.sbin.cupsd
@@ -42,6 +42,8 @@
   network econet dgram,
   network ash dgram,
 
+  network unix stream,
+
   /bin/bash ixr,
   /bin/dash ixr,
   /bin/hostname ixr,