diff --git a/interfaces/utils/path_patterns.go b/interfaces/utils/path_patterns.go
index d4ccf9d469..41f1668543 100644
--- a/interfaces/utils/path_patterns.go
+++ b/interfaces/utils/path_patterns.go
@@ -41,7 +41,7 @@ const (
 // createRegex converts the apparmor-like glob sequence into a regex. Loosely
 // using this as reference:
 // https://gitlab.com/apparmor/apparmor/-/blob/master/parser/parser_regex.c#L107
-func createRegex(pattern string, glob GlobFlags) (string, error) {
+func createRegex(pattern string, glob GlobFlags, allowCommas bool) (string, error) {
 	regex := "^"
 
 	appendGlob := func(defaultGlob, nullGlob string) {
@@ -137,9 +137,11 @@ func createRegex(pattern string, glob GlobFlags) (string, error) {
 			if currentGroupLevel > 0 {
 				itemCountInGroup[currentGroupLevel]++
 				regex += "|"
-			} else {
+			} else if allowCommas {
 				// treat commas outside of groups as literal commas
 				regex += ","
+			} else {
+				return "", fmt.Errorf("cannot use ',' outside of group or character class")
 			}
 		default:
 			// take literal character (with quoting if needed)
@@ -162,7 +164,19 @@ func createRegex(pattern string, glob GlobFlags) (string, error) {
 }
 
 func NewPathPattern(pattern string) (*PathPattern, error) {
-	regexPattern, err := createRegex(pattern, globDefault)
+	regexPattern, err := createRegex(pattern, globDefault, false)
+	if err != nil {
+		return nil, err
+	}
+
+	regex := regexp.MustCompile(regexPattern)
+
+	pp := &PathPattern{pattern, regex}
+	return pp, nil
+}
+
+func NewPathPatternAllowCommas(pattern string) (*PathPattern, error) {
+	regexPattern, err := createRegex(pattern, globDefault, true)
 	if err != nil {
 		return nil, err
 	}