diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
index 6ba6c30a..fe753558 100644
--- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
+++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
@@ -81,6 +81,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
 
   #include <abstractions/audio>
   #include <abstractions/bash>
+  #include <abstractions/consoles>
   #include <abstractions/cups-client>
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
@@ -151,8 +152,6 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
   /usr/bin/kgpg                         rix,
   /usr/bin/kleopatra                    rix,
 
-  /dev/tty                              rw,
-
   /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner   rmPUx,
   owner @{user_cache_dirs}/gstreamer-???/**                                 rw,
   unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),  #Gstreamer doesn't work without this
diff --git a/apparmor.d/groups/apt/apt-mark b/apparmor.d/groups/apt/apt-mark
index 5fd24129..79e3285a 100644
--- a/apparmor.d/groups/apt/apt-mark
+++ b/apparmor.d/groups/apt/apt-mark
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/apt-mark
 profile apt-mark @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/apt-common>
 
   @{exec_path} mr,
@@ -25,7 +26,5 @@ profile apt-mark @{exec_path} {
   /var/cache/apt/ r,
   /var/cache/apt/** rwk,
 
-  /dev/pts/[0-9]* rw,
-
   include if exists <local/apt-mark>
 }
diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session
index 4becf5e7..49d79c73 100644
--- a/apparmor.d/groups/bus/dbus-run-session
+++ b/apparmor.d/groups/bus/dbus-run-session
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/dbus-run-session
 profile dbus-run-session @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dconf-write>
 
   signal (receive) set=(term, kill, hup) peer=gdm*,
@@ -31,9 +32,6 @@ profile dbus-run-session @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
-  # file_inherit
-  /dev/tty rw,
-  /dev/tty[0-9]* rw,
 
   include if exists <local/dbus-run-session>
 }
diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache
index b467e8f2..8d0b9fe6 100644
--- a/apparmor.d/groups/freedesktop/fc-cache
+++ b/apparmor.d/groups/freedesktop/fc-cache
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*}
 profile fc-cache @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/fonts>
   include <abstractions/fontconfig-cache-write>
 
diff --git a/apparmor.d/groups/freedesktop/plymouth b/apparmor.d/groups/freedesktop/plymouth
index 67473227..059df5a3 100644
--- a/apparmor.d/groups/freedesktop/plymouth
+++ b/apparmor.d/groups/freedesktop/plymouth
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/plymouth
 profile plymouth @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   unix (send, receive, connect) type=stream peer=(addr="@/org/freedesktop/plymouthd"),
 
diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime
index bbc1eee6..1cf27d71 100644
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xdg-mime
 profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/freedesktop.org>
 
   @{exec_path} r,
@@ -47,7 +48,6 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
 
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
 
   # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two
   # following root processes:
diff --git a/apparmor.d/groups/freedesktop/xdg-open b/apparmor.d/groups/freedesktop/xdg-open
index d6ddceae..38346fb1 100644
--- a/apparmor.d/groups/freedesktop/xdg-open
+++ b/apparmor.d/groups/freedesktop/xdg-open
@@ -10,6 +10,7 @@ include <tunables/global>
 profile xdg-open @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/consoles>
   include <abstractions/app-launcher-user>
 
   @{exec_path} r,
@@ -50,7 +51,6 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
 
   # file_inherit
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>
diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp
index 5143346a..0d3882c7 100644
--- a/apparmor.d/groups/freedesktop/xkbcomp
+++ b/apparmor.d/groups/freedesktop/xkbcomp
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xkbcomp
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
   unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
@@ -32,7 +33,6 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   owner /tmp/server-[0-9]*.xkm rwk,
 
   /dev/dri/card[0-9]* rw,
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
   
   deny /dev/input/event[0-9]* rw,
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index 090e2ee8..d51cc907 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -13,6 +13,7 @@ include <tunables/global>
 @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap}
 profile xorg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
@@ -131,7 +132,6 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   /dev/input/event[0-9]* rw,
   /dev/shm/#[0-9]*[0-9] rw,
   /dev/shm/shmfd-* rw,
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
   /dev/vga_arbiter rw,  # Graphic card modules
 
diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland
index 701a0de2..429f076d 100644
--- a/apparmor.d/groups/freedesktop/xwayland
+++ b/apparmor.d/groups/freedesktop/xwayland
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path}  = /{usr/,}bin/Xwayland
 profile xwayland @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
   include <abstractions/mesa>
@@ -41,7 +42,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/comm r,
 
   /dev/tty[0-9]* rw,
-  /dev/tty rw,
 
   include if exists <local/xwayland>
 }
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 548b699f..6604d117 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gdm-session-worker
 profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/authentication>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
@@ -87,7 +88,6 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
         @{PROC}/1/limits r,
         @{PROC}/keys r,
 
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <local/gdm-session-worker>
diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession
index 5f3e7745..553ad6af 100644
--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@@ -43,7 +43,6 @@ profile gdm-xsession @{exec_path} {
     /{usr/,}bin/dbus-update-activation-environment mr,
 
     # file_inherit
-    /dev/tty rw,
     /dev/tty[0-9]* rw,
     owner @{HOME}/.xsession-errors w,
   }
diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console
index fe4e1f9d..642a0fed 100644
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path}  = /{usr/,}bin/gjs-console
 profile gjs-console @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
@@ -58,7 +59,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/stat r,
 
   /dev/ r,
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <local/gjs-console>
diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app
index d4f5d0bc..d0ee1f70 100644
--- a/apparmor.d/groups/gnome/gnome-extensions-app
+++ b/apparmor.d/groups/gnome/gnome-extensions-app
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/gnome-extensions-app
 profile gnome-extensions-app @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -17,7 +18,6 @@ profile gnome-extensions-app @{exec_path} {
 
   /usr/share/terminfo/x/xterm-256color r,
 
-  /dev/tty rw,
 
   include if exists <local/gnome-extensions-app>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index 6362ac80..14605070 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gnome-session-binary
 profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -141,7 +142,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
         @{PROC}/@{pid}/cgroup r,
         @{PROC}/cmdline r,
 
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <usr/gnome-session-binary.d>
diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings
index 2192ebae..24934907 100644
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gsd-xsettings
 profile gsd-xsettings @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -70,7 +71,6 @@ profile gsd-xsettings @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
-  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   profile run-parts {
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index c612512d..d0364baf 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/nautilus
 profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/app-launcher-user>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -61,7 +62,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/mountinfo r,
         @{PROC}/@{pids}/net/wireless r,
 
-  /dev/tty rw,
   /dev/dri/card[0-9]* rw,
 
   include if exists <local/nautilus>
diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui
index d63512be..a9225495 100644
--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = "/opt/Mullvad VPN/mullvad-gui"
 profile mullvad-gui @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
@@ -69,7 +70,6 @@ profile mullvad-gui @{exec_path} {
   owner @{PROC}/@{pid}/task/@{tid}/status r,
   owner @{PROC}/@{pid}/uid_map w,
 
-  /dev/tty rw,
 
   include if exists <local/mullvad-gui>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/network/nm-openvpn-service b/apparmor.d/groups/network/nm-openvpn-service
index 3676d643..8d1e0a4c 100644
--- a/apparmor.d/groups/network/nm-openvpn-service
+++ b/apparmor.d/groups/network/nm-openvpn-service
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/nm-openvpn-service
 profile nm-openvpn-service @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability kill,
@@ -27,7 +28,6 @@ profile nm-openvpn-service @{exec_path} {
   @{run}/NetworkManager/nm-openvpn-@{uuid} rw,
 
   /dev/net/tun rw,
-  /dev/tty rw,
 
   owner @{PROC}/@{pid}/fd/ r,
 
diff --git a/apparmor.d/groups/network/wg-quick b/apparmor.d/groups/network/wg-quick
index 06ccb7d6..54a9e364 100644
--- a/apparmor.d/groups/network/wg-quick
+++ b/apparmor.d/groups/network/wg-quick
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/wg-quick
 profile wg-quick @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability net_admin,
 
@@ -39,7 +40,6 @@ profile wg-quick @{exec_path} {
 
   @{PROC}/sys/net/ipv4/conf/all/src_valid_mark w,
 
-  /dev/tty rw,
 
   # Force the use as root
   deny /{usr/,}bin/sudo x,
diff --git a/apparmor.d/groups/pacman/archlinux-java b/apparmor.d/groups/pacman/archlinux-java
index 06802b1f..6a433d46 100644
--- a/apparmor.d/groups/pacman/archlinux-java
+++ b/apparmor.d/groups/pacman/archlinux-java
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/archlinux-java
 profile archlinux-java @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -25,7 +26,6 @@ profile archlinux-java @{exec_path} {
   /{usr/,}lib/jvm/default w,
   /{usr/,}lib/jvm/default-runtime w,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/paccache b/apparmor.d/groups/pacman/paccache
index 2dd92c43..d592fffd 100644
--- a/apparmor.d/groups/pacman/paccache
+++ b/apparmor.d/groups/pacman/paccache
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/paccache
 profile paccache @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -35,7 +36,6 @@ profile paccache @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
-  /dev/tty rw,
 
   include if exists <local/paccache>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/pacman/pacdiff b/apparmor.d/groups/pacman/pacdiff
index 2ab10645..dd32a244 100644
--- a/apparmor.d/groups/pacman/pacdiff
+++ b/apparmor.d/groups/pacman/pacdiff
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pacdiff
 profile pacdiff @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -36,7 +37,6 @@ profile pacdiff @{exec_path} flags=(attach_disconnected) {
   /usr/{,**} r,
   /var/{,**} r,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny /apparmor/.null rw,
diff --git a/apparmor.d/groups/pacman/pacman-hook-dconf b/apparmor.d/groups/pacman/pacman-hook-dconf
index a4f0d2fa..431f84fb 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dconf
+++ b/apparmor.d/groups/pacman/pacman-hook-dconf
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/dconf-update
 profile pacman-hook-dconf @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -20,7 +21,6 @@ profile pacman-hook-dconf @{exec_path} {
 
   /etc/dconf/db/{,**} rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-depmod b/apparmor.d/groups/pacman/pacman-hook-depmod
index bee1028f..bab25a9c 100644
--- a/apparmor.d/groups/pacman/pacman-hook-depmod
+++ b/apparmor.d/groups/pacman/pacman-hook-depmod
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/depmod
 profile pacman-hook-depmod @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -23,7 +24,6 @@ profile pacman-hook-depmod @{exec_path} {
 
   /usr/lib/modules/*/{,**} rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-dkms b/apparmor.d/groups/pacman/pacman-hook-dkms
index 4bc084b5..4ef5907a 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dkms
+++ b/apparmor.d/groups/pacman/pacman-hook-dkms
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/dkms
 profile pacman-hook-dkms @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -27,7 +28,6 @@ profile pacman-hook-dkms @{exec_path} {
 
   /etc/dkms/{,*} r,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-fontconfig b/apparmor.d/groups/pacman/pacman-hook-fontconfig
index 38166f03..ae89d40e 100644
--- a/apparmor.d/groups/pacman/pacman-hook-fontconfig
+++ b/apparmor.d/groups/pacman/pacman-hook-fontconfig
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/40-fontconfig-config
 profile pacman-hook-fontconfig @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -21,7 +22,6 @@ profile pacman-hook-fontconfig @{exec_path} {
   /etc/fonts/conf.d/* rwl,
   /usr/share/fontconfig/conf.default/* r,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-gio b/apparmor.d/groups/pacman/pacman-hook-gio
index b748c39c..d61c49b0 100644
--- a/apparmor.d/groups/pacman/pacman-hook-gio
+++ b/apparmor.d/groups/pacman/pacman-hook-gio
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/gio-querymodules
 profile pacman-hook-gio @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -23,7 +24,6 @@ profile pacman-hook-gio @{exec_path} {
 
   /usr/lib/gio/modules/ rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-gtk b/apparmor.d/groups/pacman/pacman-hook-gtk
index e110ded4..7b5fe2e8 100644
--- a/apparmor.d/groups/pacman/pacman-hook-gtk
+++ b/apparmor.d/groups/pacman/pacman-hook-gtk
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/gtk-update-icon-cache
 profile pacman-hook-gtk @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -23,7 +24,6 @@ profile pacman-hook-gtk @{exec_path} {
 
   /usr/share/icons/{,**} rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
index f18699b9..ac186b9f 100644
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-install
 profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -32,7 +33,6 @@ profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected)
   / r,
   owner /boot/vmlinuz-* rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
index 2280c274..b425fc93 100644
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-remove
 profile pacman-hook-mkinitcpio-remove @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -28,7 +29,6 @@ profile pacman-hook-mkinitcpio-remove @{exec_path} {
   /boot/initramfs-*.img rw,
   /boot/initramfs-*-fallback.img rw,
 
-  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl
index b18a6005..99f936a4 100644
--- a/apparmor.d/groups/pacman/pacman-hook-perl
+++ b/apparmor.d/groups/pacman/pacman-hook-perl
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/detect-old-perl-modules.sh
 profile pacman-hook-perl @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -23,7 +24,6 @@ profile pacman-hook-perl @{exec_path} {
 
   /{usr/,}lib/perl[0-9]*/{,**} r,
 
-  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-systemd b/apparmor.d/groups/pacman/pacman-hook-systemd
index b41e0a52..6a4de335 100644
--- a/apparmor.d/groups/pacman/pacman-hook-systemd
+++ b/apparmor.d/groups/pacman/pacman-hook-systemd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/systemd-hook
 profile pacman-hook-systemd @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -29,7 +30,6 @@ profile pacman-hook-systemd @{exec_path} {
 
   /usr/ rw,
 
-  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-key b/apparmor.d/groups/pacman/pacman-key
index 3f427b9a..c13fdf13 100644
--- a/apparmor.d/groups/pacman/pacman-key
+++ b/apparmor.d/groups/pacman/pacman-key
@@ -10,6 +10,7 @@ include <tunables/global>
 profile pacman-key @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -35,7 +36,6 @@ profile pacman-key @{exec_path} {
 
   /etc/pacman.d/gnupg/gpg.conf r,
 
-  /dev/tty rw,
 
   profile gpg {
     include <abstractions/base>
diff --git a/apparmor.d/groups/systemd/systemd-analyze b/apparmor.d/groups/systemd/systemd-analyze
index 271a3eb3..400bcac6 100644
--- a/apparmor.d/groups/systemd/systemd-analyze
+++ b/apparmor.d/groups/systemd/systemd-analyze
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/systemd-analyze
 profile systemd-analyze @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/systemd-common>
 
   capability sys_resource,
@@ -57,8 +58,5 @@ profile systemd-analyze @{exec_path} {
   owner @{PROC}/@{pid}/comm r,
         @{PROC}/swaps r,
 
-  /dev/tty rw,
-  /dev/pts/1 rw,
-
   include if exists <local/systemd-analyze>
 }
diff --git a/apparmor.d/groups/systemd/systemd-environment-d-generator b/apparmor.d/groups/systemd/systemd-environment-d-generator
index e007b6dc..6b3ef2f9 100644
--- a/apparmor.d/groups/systemd/systemd-environment-d-generator
+++ b/apparmor.d/groups/systemd/systemd-environment-d-generator
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/systemd/user-environment-generators/*
 profile systemd-environment-d-generator @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/systemd-common>
   include <abstractions/nameservice-strict>
 
@@ -24,7 +25,6 @@ profile systemd-environment-d-generator @{exec_path} {
 
   owner @{user_config_dirs}/environment.d/{,*.conf} r,
 
-  /dev/tty rw,
 
   include if exists <local/systemd-environment-d-generator>
 }
diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep
index f2337965..fb8fab89 100644
--- a/apparmor.d/groups/systemd/systemd-sleep
+++ b/apparmor.d/groups/systemd/systemd-sleep
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/systemd/systemd-sleep
 profile systemd-sleep @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
   include <abstractions/systemd-common>
 
@@ -29,7 +30,6 @@ profile systemd-sleep @{exec_path} {
 
   @{PROC}/driver/nvidia/suspend w,
 
-  /dev/tty rw,
 
   include if exists <local/systemd-sleep>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s
index 3f041cc4..dcf8745a 100644
--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{local/,}bin/k3s
 profile k3s @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/disks-read>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
@@ -166,7 +167,6 @@ profile k3s @{exec_path} {
   @{sys}/module/apparmor/parameters/enabled r,
 
   /dev/kmsg r,
-  /dev/pts/[0-9]* rw,
 
   include if exists <local/k3s>
 }
diff --git a/apparmor.d/profiles-a-f/acpid b/apparmor.d/profiles-a-f/acpid
index 8074ef09..486c40a9 100644
--- a/apparmor.d/profiles-a-f/acpid
+++ b/apparmor.d/profiles-a-f/acpid
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/acpid
 profile acpid @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -33,7 +34,6 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/loginuid r,
 
   /dev/input/{,**} r,
-  /dev/tty rw,
 
   include if exists <local/acpid>
 }
diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd
index a40c4249..d3ef9890 100644
--- a/apparmor.d/profiles-a-f/apparmor.systemd
+++ b/apparmor.d/profiles-a-f/apparmor.systemd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/apparmor/apparmor.systemd
 profile apparmor.systemd @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability mac_admin,
@@ -41,7 +42,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   @{PROC}/filesystems r,
   @{PROC}/mounts r,
 
-  /dev/tty rw,
 
   include if exists <local/apparmor.systemd>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/askpass b/apparmor.d/profiles-a-f/askpass
index 67938a92..da82ec52 100644
--- a/apparmor.d/profiles-a-f/askpass
+++ b/apparmor.d/profiles-a-f/askpass
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/code/extensions/git/dist/askpass.sh
 profile askpass @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   network inet dgram,
   network inet6 dgram,
@@ -25,7 +26,6 @@ profile askpass @{exec_path} {
 
   owner /tmp/tmp.* rw,
 
-  /dev/tty rw,
 
   include if exists <local/askpass>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/augenrules b/apparmor.d/profiles-a-f/augenrules
index f7356dd0..211a5e0d 100644
--- a/apparmor.d/profiles-a-f/augenrules
+++ b/apparmor.d/profiles-a-f/augenrules
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/augenrules
 profile augenrules @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -19,7 +20,6 @@ profile augenrules @{exec_path} {
 
   owner /tmp/aurules.* rw,
 
-  /dev/tty rw,
 
   include if exists <local/augenrules>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/aurpublish b/apparmor.d/profiles-a-f/aurpublish
index 879199f5..978f97ba 100644
--- a/apparmor.d/profiles-a-f/aurpublish
+++ b/apparmor.d/profiles-a-f/aurpublish
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/aurpublish/*.hook
 profile aurpublish @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   signal (receive) peer=git,
 
@@ -25,7 +26,6 @@ profile aurpublish @{exec_path} {
   owner @{user_projects_dirs}/**/.SRCINFO rw,
   owner @{user_projects_dirs}/**/PKGBUILD r,
 
-  /dev/tty rw,
 
   include if exists <local/aurpublish>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman
index 362666f7..609b7553 100644
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/blueman-*
 profile blueman @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/audio>
   include <abstractions/dconf-write>
   include <abstractions/fontconfig-cache-read>
@@ -67,7 +68,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
   /dev/dri/card[0-9]* rw,
   /dev/rfkill r,
   /dev/shm/ r,
-  /dev/tty rw,
 
   profile open {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince
index 0190d419..7768dffe 100644
--- a/apparmor.d/profiles-a-f/evince
+++ b/apparmor.d/profiles-a-f/evince
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/evince /{usr/,}lib/evinced
 profile evince @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dconf-write>
   include <abstractions/gnome>
   include <abstractions/openssl>
@@ -40,7 +41,6 @@ profile evince @{exec_path} {
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
 
-  /dev/tty rw,
 
   include if exists <local/evince>
 }
diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg
index 55963c46..359095a9 100644
--- a/apparmor.d/profiles-a-f/firecfg
+++ b/apparmor.d/profiles-a-f/firecfg
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/firecfg
 profile firecfg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -34,7 +35,6 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
   @{user_share_dirs}/applications/ r,
   @{user_share_dirs}/applications/*.desktop rw,
 
-  /dev/tty rw,
 
   deny /apparmor/.null rw,
 
diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr
index 57144bb0..f26ab2fa 100644
--- a/apparmor.d/profiles-a-f/fwupdmgr
+++ b/apparmor.d/profiles-a-f/fwupdmgr
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/fwupdmgr
 profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/nameservice-strict>
@@ -42,7 +43,6 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
 
   owner @{PROC}/@{pid}/fd/ r,
 
-  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-g-l/install-info b/apparmor.d/profiles-g-l/install-info
index a541546c..f54441c1 100644
--- a/apparmor.d/profiles-g-l/install-info
+++ b/apparmor.d/profiles-g-l/install-info
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/install-info
 profile install-info @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -20,8 +21,6 @@ profile install-info @{exec_path} {
   /usr/share/info/{,**} r,
   /usr/share/info/dir rw,
 
-  /dev/tty rw,
-
   # Inherit silencer
   deny network inet6 stream,
   deny network inet stream,
diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs
index eaf3104d..6d460635 100644
--- a/apparmor.d/profiles-m-r/mount-zfs
+++ b/apparmor.d/profiles-m-r/mount-zfs
@@ -9,14 +9,13 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/mount.zfs
 profile mount-zfs @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability sys_admin,  # To mount anything.
 
   @{exec_path} mr,
 
-  /dev/pts/[0-9]* rw,
-
   @{MOUNTDIRS}/ r,
   @{MOUNTS}/ r,
   @{MOUNTS}/*/ r,
diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
index 17a723e0..d4df0d2b 100644
--- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
+++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/needrestart/iucode-scan-versions
 profile needrestart-iucode-scan-versions @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -29,7 +30,6 @@ profile needrestart-iucode-scan-versions @{exec_path} {
  
   @{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r,
 
-  /dev/tty rw,
 
   include if exists <local/needrestart-iucode-scan-versions>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass
index b701b02b..366584a8 100644
--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pass
 profile pass @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -65,7 +66,6 @@ profile pass @{exec_path} {
   @{PROC}/sys/kernel/osrelease r,
   @{PROC}/uptime r,
 
-  /dev/tty rw,
 
   profile editor {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent
index fb894967..148e25e5 100644
--- a/apparmor.d/profiles-m-r/pkttyagent
+++ b/apparmor.d/profiles-m-r/pkttyagent
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pkttyagent
 profile pkttyagent @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
@@ -39,7 +40,6 @@ profile pkttyagent @{exec_path} {
 
   owner @{PROC}/@{pids}/stat r,
 
-  /dev/tty rw,
 
   include if exists <local/pkttyagent>
 }
diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf
index d5b5fdb8..37efaada 100644
--- a/apparmor.d/profiles-m-r/resolvconf
+++ b/apparmor.d/profiles-m-r/resolvconf
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}sbin/resolvconf
 profile resolvconf @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -33,7 +34,6 @@ profile resolvconf @{exec_path} {
   owner @{run}/resolvconf/{,**} rw,
   owner @{run}/resolvconf/run-lock wk,
 
-  /dev/tty rw,
 
   include if exists <local/resolvconf>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/start-pulseaudio-x11 b/apparmor.d/profiles-s-z/start-pulseaudio-x11
index de71e9f4..c14b8fa5 100644
--- a/apparmor.d/profiles-s-z/start-pulseaudio-x11
+++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11
@@ -9,13 +9,13 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/start-pulseaudio-x11
 profile start-pulseaudio-x11 @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   @{exec_path} mr,
 
   /{usr/,}bin/{,ba,da}sh rix,
   /{usr/,}bin/pactl      rPx,
 
-  /dev/tty rw,
 
   include if exists <local/start-pulseaudio-x11>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/udisksctl b/apparmor.d/profiles-s-z/udisksctl
index 58fca3ce..cacf0d1b 100644
--- a/apparmor.d/profiles-s-z/udisksctl
+++ b/apparmor.d/profiles-s-z/udisksctl
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/udisksctl
 profile udisksctl @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -19,7 +20,6 @@ profile udisksctl @{exec_path} {
   /{usr/,}bin/less  rPx -> child-pager,
   /{usr/,}bin/more  rPx -> child-pager,
 
-  /dev/tty rw,
 
   include if exists <local/udisksctl>
 }
diff --git a/apparmor.d/profiles-s-z/update-ca-trust b/apparmor.d/profiles-s-z/update-ca-trust
index caa578b8..f8067056 100644
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/update-ca-trust
 profile update-ca-trust @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/ssl_certs>
 
   capability dac_read_search,
@@ -30,7 +31,6 @@ profile update-ca-trust @{exec_path} {
   /etc/ssl/certs/{,*} rw,
   /etc/ssl/certs/java/cacerts{,.*} w,
 
-  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/profiles-s-z/wl-copy b/apparmor.d/profiles-s-z/wl-copy
index 880d3dc1..0a07cf86 100644
--- a/apparmor.d/profiles-s-z/wl-copy
+++ b/apparmor.d/profiles-s-z/wl-copy
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/wl-{copy,paste}
 profile wl-copy @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -19,7 +20,6 @@ profile wl-copy @{exec_path} {
 
   owner /tmp/wl-copy-buffer-*/{,**} rw,
 
-  /dev/tty rw,
 
   include if exists <local/wl-copy>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool
index 77dae7f0..2bc62188 100644
--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{local/,}{s,}bin/zpool
 profile zpool @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/disks-read>
 
   capability sys_admin,
@@ -31,7 +32,6 @@ profile zpool @{exec_path} {
   @{PROC}/@{pids}/mounts r,
   @{PROC}/sys/kernel/spl/hostid r,
 
-  /dev/pts/[0-9]* rw,
   /dev/zfs rw,
 
   include if exists <local/zpool>
diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd
index 8862b59c..d1dcc5ac 100644
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/zsysd /{usr/,}{s,}bin/zsysctl
 profile zsysd @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
@@ -41,7 +42,6 @@ profile zsysd @{exec_path} flags=(complain) {
 
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 
-  /dev/pts/[0-9]* rw,
   /dev/zfs rw,
 
   include if exists <local/zsysd>