diff --git a/apparmor/session-lockdown/no-deny b/apparmor/session-lockdown/no-deny index 01a2a6a092acde7ec74470ba3f6fc4fb89c74f5d..ebc9fa7b227dac5f1e125ed369d1a5eabcb05988 100755 --- a/apparmor/session-lockdown/no-deny +++ b/apparmor/session-lockdown/no-deny @@ -97,7 +97,10 @@ def get_processes(profiles): # keep only unconfined processes that have a profile defined processes[filename] = { 'profile' : exe, 'mode' : 'unconfined' } - elif p.strip() != 'unconfined': + elif p.strip() == 'unconfined': + # this is fine: something like process 1 (systemd) + print('# unconfined process {!r} {!r} has no profile, ignoring'.format(filename, exe)) + else: not_ok('process {} {!r} context {!r} could not be ' 'parsed'.format(filename, exe, p)) except:
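Review bot: The new `elif p.strip() == 'unconfined':` branch accepts every unconfined process that has no profile, not only ones like process 1 (systemd) that its comment gives as the example. For a lockdown test this means a service whose profile is missing or was never loaded shows up only as a `#` diagnostic line and the run still passes; whether another check catches that case is not visible in this hunk. Consider comparing `exe` against an explicit set of executables that are expected to run unconfined and calling `not_ok(...)` for the rest, or at least extend the comment to state where missing profiles are detected. The body of get_processes starts and ends outside the hunk, including the handler under the bare `except:` on its last line.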