diff --git a/apparmor_ghostscript b/apparmor_ghostscript
index 386f203..de9fa35 100644
--- a/apparmor_ghostscript
+++ b/apparmor_ghostscript
@@ -3,9 +3,7 @@
 # this profile is mainly intended to prevent easy exploitation of
 # issues in ghostscript. This is mainly intended as a hardening
 # measure and doesn't alleviate the need for regular updates.
-# Currently this profile is in complain mode since it caused regressions
-# for tumbleweed users
-profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} flags=(complain) {
+profile ghostscript /usr/bin/{gs,gs.bin} {
   #include <abstractions/base>
   #include <abstractions/consoles>
   #include <abstractions/nameservice>
@@ -13,7 +11,8 @@ profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd
 
   # needed to read gc/write pdfs/eps/.. everywhere
   /** wr,
-  /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd,ps2ascii,ps2epsi,ps2pdf,ps2pdf12,ps2pdf13,ps2pdf14,ps2pdfwr,ps2ps,ps2ps2} mrix,
+  # have these spelled out in case we can narrow the line above down sometime
+  /usr/bin/{gs,gs.bin} mrix,
   /usr/bin/dvips mrix,
   /usr/lib64/ghostscript/** m,
   /usr/lib64/libgs.so.* m,
@@ -34,28 +33,4 @@ profile ghostscript /usr/bin/{dvipdf,eps2eps,gs,gsbj,gsdj,gsdj500,gslj,gslp,gsnd
     /usr/share/snmp/mibs/*.txt r,
     owner /var/spool/cups/tmp/gs_?????? rw,
   }
-
-  /usr/bin/basename Cx,
-  profile /usr/bin/basename {
-    #include <abstractions/base>
-
-    /usr/bin/basename mr,
-  }
-
-  /usr/bin/dirname Cx,
-  profile /usr/bin/dirname {
-    #include <abstractions/base>
-    /usr/bin/dirname mr,
-  }
-
-  # for gsbj
-  /usr/bin/date mrix,
-  # for ps2epsi
-  /usr/bin/{gawk,cat,ls,sed,which} mrix,
-  /usr/bin/{mktemp,rm} Cx -> tempdir,
-  profile tempdir {
-    #include <abstractions/base>
-    /usr/bin/{mktemp,rm} mr,
-    owner /tmp/ps2epsi.* rw,
-  }
 }
diff --git a/ghostscript.changes b/ghostscript.changes
index 124a712..ebeda27 100644
--- a/ghostscript.changes
+++ b/ghostscript.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Sep 23 08:24:49 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
+
+- Made ghostscript profile enforcing and limit it to the ghostscript
+  binaries (bsc#1150338)
+
 -------------------------------------------------------------------
 Mon Sep 16 11:58:41 UTC 2019 - Dr. Werner Fink <werner@suse.de>