diff --git a/test/test-execute/exec-capabilityboundingset-invert.service b/test/test-execute/exec-capabilityboundingset-invert.service
index 5f374276034..4486f6c25d8 100644
--- a/test/test-execute/exec-capabilityboundingset-invert.service
+++ b/test/test-execute/exec-capabilityboundingset-invert.service
@@ -2,7 +2,7 @@
 Description=Test for CapabilityBoundingSet
 
 [Service]
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep "^Bounding set .*cap_chown"'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep "^Bounding set .*cap_chown"'
 Type=oneshot
 CapabilityBoundingSet=~CAP_CHOWN
diff --git a/test/test-execute/exec-privatedevices-no-capability-mknod.service b/test/test-execute/exec-privatedevices-no-capability-mknod.service
index 4d61d9ffaa9..8f135be0b5e 100644
--- a/test/test-execute/exec-privatedevices-no-capability-mknod.service
+++ b/test/test-execute/exec-privatedevices-no-capability-mknod.service
@@ -3,6 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no
 
 [Service]
 PrivateDevices=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod'
 Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
index f7f7a16736d..30ce5492546 100644
--- a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
+++ b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
 
 [Service]
 PrivateDevices=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio'
 Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
index 5bcace08455..b98cfb5c7ea 100644
--- a/test/test-execute/exec-privatedevices-yes-capability-mknod.service
+++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
@@ -3,6 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes
 
 [Service]
 PrivateDevices=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod'
 Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
index a246f950c11..5b0c0700f2c 100644
--- a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
+++ b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
 
 [Service]
 PrivateDevices=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio'
 Type=oneshot
diff --git a/test/test-execute/exec-protectkernellogs-no-capabilities.service b/test/test-execute/exec-protectkernellogs-no-capabilities.service
index 47d88534a9b..36aae7caf1a 100644
--- a/test/test-execute/exec-protectkernellogs-no-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-no-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=no
 
 [Service]
 ProtectKernelLogs=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_syslog'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog'
 Type=oneshot
diff --git a/test/test-execute/exec-protectkernellogs-yes-capabilities.service b/test/test-execute/exec-protectkernellogs-yes-capabilities.service
index 11350f288a5..4a5f1a08e90 100644
--- a/test/test-execute/exec-protectkernellogs-yes-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-yes-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=yes
 
 [Service]
 ProtectKernelLogs=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_syslog'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog'
 Type=oneshot
diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
index 8d7e2b52d44..1b73656305e 100644
--- a/test/test-execute/exec-protectkernelmodules-no-capabilities.service
+++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no
 
 [Service]
 ProtectKernelModules=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module'
 Type=oneshot
diff --git a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
index fe2ae208dd2..e43e72733c9 100644
--- a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
+++ b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
 
 [Service]
 ProtectKernelModules=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module'
 Type=oneshot