diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open
index 8a95962d..034f46b3 100644
--- a/apparmor.d/groups/children/child-open
+++ b/apparmor.d/groups/children/child-open
@@ -34,6 +34,7 @@ profile child-open {
 @{sh_path} rix,
 @{bin}/{,m,g}awk rix,
 @{bin}/basename rix,
+ @{bin}/env rix,
 @{bin}/readlink rix,
 include if exists
diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session
index d098d7e8..a066fe11 100644
--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@@ -25,6 +25,11 @@ profile pipewire-media-session @{exec_path} {
 signal (receive) set=(cont term) peer=@{systemd_user},
+ dbus send bus=session path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member=GetConnectionUnixProcessID
+ peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+
 dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect
diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper
index d0348302..9506ccb0 100644
--- a/apparmor.d/groups/freedesktop/polkit-agent-helper
+++ b/apparmor.d/groups/freedesktop/polkit-agent-helper
@@ -30,15 +30,15 @@ profile polkit-agent-helper @{exec_path} {
 signal (receive) set=(term, kill) peer=pkttyagent,
 signal (receive) set=(term, kill) peer=polkit-*-authentication-agent,
- dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
+ dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
 interface=org.freedesktop.DBus.Properties member=GetAll
- peer=(name=:*),
+ peer=(name=:*, label=polkitd),
- dbus (send) bus=system path=/org/freedesktop/PolicyKit1/Authority
+ dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
 interface=org.freedesktop.PolicyKit1.Authority member=AuthenticationAgentResponse2
- peer=(name=:*),
+ peer=(name=:*, label=polkitd),
 @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 0ce36eea..122ab167 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -51,7 +51,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
 dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager
- member=*Session
+ member={*Session,CreateSessionWithPIDFD}
 peer=(name=org.freedesktop.login1, label=systemd-logind),
 dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console
index 7e78bade..fb276acf 100644
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@@ -45,6 +45,15 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
 member=GetActive peer=(name=org.gnome.Shell.ScreenShield, label=gnome-shell),
+ dbus send bus=session path=/org/gnome/Shell
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gnome-shell),
+ dbus send bus=session path=/org/gnome/Shell
+ interface=org.gnome.Shell.Extensions
+ member=ListExtensions
+ peer=(name=:*, label=gnome-shell),
+
 @{exec_path} mr,
 @{bin}/ r,
diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center
index 4d1e23af..0bed90b8 100644
--- a/apparmor.d/groups/gnome/gnome-control-center
+++ b/apparmor.d/groups/gnome/gnome-control-center
@@ -11,9 +11,9 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
+ include
+ include
 include
- include
- include
 include
 include
 include
@@ -32,6 +32,10 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon),
+ dbus bus=accessibility,
+ dbus bus=session,
+ dbus bus=system,
+
 @{exec_path} mr,
 @{bin}/@{shells} rUx,
diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding
index 92cefd7c..5d75c57f 100644
--- a/apparmor.d/groups/gnome/gnome-extension-ding
+++ b/apparmor.d/groups/gnome/gnome-extension-ding
@@ -16,6 +16,7 @@ profile gnome-extension-ding @{exec_path} {
 include
 include
 include
+ include
 include
 include
 include
@@ -29,17 +30,13 @@ profile gnome-extension-ding @{exec_path} {
 unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
- # dbus: own bus=session name=com.rastersoft.ding
+ # dbus: own bus=session name=com.rastersoft.ding interface={org.freedesktop.DBus.Properties,org.gtk.Actions}
 # dbus: talk bus=session name=com.rastersoft.dingextension label=gnome-shell
 dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=org.freedesktop.DBus, label=dbus-daemon),
- dbus send bus=session path=/org/gnome/Nautilus/FileOperations2
- interface=org.freedesktop.DBus.Introspectable
- member=Introspect
- peer=(name=:*, label=nautilus),
 dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus*
@@ -48,6 +45,11 @@ profile gnome-extension-ding @{exec_path} {
 interface=org.freedesktop.DBus* peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+ dbus send bus=session path=/org/gtk/vfs/metadata
+ interface=org.gtk.vfs.Metadata
+ member=Set
+ peer=(name=:*, label=gvfsd-metadata),
+
 @{exec_path} mr,
 @{sh_path} rix,
diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup
index 8f4d043c..134a8747 100644
--- a/apparmor.d/groups/gnome/gnome-initial-setup
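Review bot: The three new rules `dbus bus=accessibility,`, `dbus bus=session,` and `dbus bus=system,` in the gnome-control-center hunk carry no access list, path, interface or peer, so as I read apparmor.d(5) each grants every dbus permission on that bus: send and receive to any peer under any label, plus bind and eavesdrop. On the system bus that lets gnome-control-center call any privileged service and watch other clients' traffic, which is far broader than the rest of this commit, where the ding and gvfsd-http hunks scope each call by interface, member and peer label. If the method surface is too large to enumerate yet, at least drop bind and eavesdrop, e.g. `dbus (send, receive) bus=system,` and likewise for the other two buses, and put a comment above them stating that this is a broad interim grant to be narrowed, so it is not mistaken for a reviewed rule set. The enclosing profile continues outside the hunk.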
+++ b/apparmor.d/groups/gnome/gnome-initial-setup
@@ -9,15 +9,20 @@ include
 @{exec_path} = @{lib}/gnome-initial-setup
 profile gnome-initial-setup @{exec_path} {
 include
+ include
+ include
 include
+ include
 include
 include
 include
 include
+ network inet stream,
+ network inet6 stream,
 network netlink raw,
- # dbus: own bus=session name=org.gnome.InitialSetup
+ # dbus: own bus=session name=org.gnome.InitialSetup interface={org.freedesktop.DBus.Properties,org.gtk.Actions}
 @{exec_path} mr,
@@ -35,6 +40,9 @@ profile gnome-initial-setup @{exec_path} {
 /var/lib/gdm{,3}/greeter-dconf-defaults r,
+ @{run}/systemd/sessions/@{int} r,
+ owner @{run}/systemd/users/@{uid} r,
+
 owner @{user_config_dirs}/ibus/bus/ r,
 owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon
index 2d55360d..0f9d439a 100644
--- a/apparmor.d/groups/gnome/gnome-keyring-daemon
+++ b/apparmor.d/groups/gnome/gnome-keyring-daemon
@@ -14,7 +14,6 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
- include
 include
 include
@@ -25,13 +24,18 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
 signal (send) set=(term) peer=ssh-agent,
 # dbus: own bus=session name=org.gnome.keyring
- # dbus: own bus=session name=org.freedesktop.secrets
+ # dbus: own bus=session name=org.freedesktop.{S,s}ecret{,s}
 dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect peer=(name=:*, label=gnome-shell),
+ dbus send bus=system path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member=GetSession
+ peer=(name=org.freedesktop.login1, label=systemd-logind),
+
 @{exec_path} mr,
 @{bin}/ssh-add rix,
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index 8cab4f36..8b9a6394 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -49,7 +49,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
 dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager
- peer=(name=org.freedesktop.systemd1, label=@{systemd}),
+ peer=(name=org.freedesktop.systemd1, label="@{systemd_user}"),
 @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor
index 0d460b4e..1426c17c 100644
--- a/apparmor.d/groups/gnome/gnome-system-monitor
+++ b/apparmor.d/groups/gnome/gnome-system-monitor
@@ -12,6 +12,7 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
+ include
 include
 capability sys_ptrace,
@@ -24,9 +25,14 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
 signal (send) set=(kill term cont stop),
+ # dbus: own bus=session name=org.gnome.SystemMonitor
+
 @{exec_path} mr,
+ @{bin}/lsblk rPx,
 @{bin}/pkexec rPx,
+ @{bin}/sed rix,
+ @{sh_path} rix,
 /usr/share/gnome-system-monitor/{,**} r,
 /usr/share/firefox-esr/browser/chrome/icons/default/*.png r,
@@ -64,6 +70,7 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
 @{PROC}/@{pids}/stat r,
 @{PROC}/@{pids}/statm r,
 @{PROC}/@{pids}/wchan r,
+ @{PROC}/diskstats r,
 @{PROC}/vmstat r,
 deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server
index f9673fc3..05543d20 100644
--- a/apparmor.d/groups/gnome/gnome-terminal-server
+++ b/apparmor.d/groups/gnome/gnome-terminal-server
@@ -34,7 +34,7 @@ profile gnome-terminal-server @{exec_path} {
 dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=StartTransientUnit
- peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
+ peer=(name=org.freedesktop.systemd1, label="@{systemd_user}"),
 @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color
index 171831ca..474180e3 100644
--- a/apparmor.d/groups/gnome/gsd-color
+++ b/apparmor.d/groups/gnome/gsd-color
@@ -13,7 +13,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
- include
 include
 include
 include
@@ -27,6 +26,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
 # dbus: own bus=session name=org.gnome.SettingsDaemon.Color
+ # dbus: talk bus=system name=org.freedesktop.ColorManager label=colord
+
 @{exec_path} mr,
 /usr/share/dconf/profile/gdm r,
diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing
index b1c45c8f..7db51a66 100644
--- a/apparmor.d/groups/gnome/gsd-sharing
+++ b/apparmor.d/groups/gnome/gsd-sharing
@@ -39,6 +39,11 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
 /var/lib/gdm{3,}/.config/dconf/user r,
 /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ @{run}/systemd/sessions/@{int} r,
+ @{run}/systemd/users/@{uid} r,
+
+ @{PROC}/@{pid}/cgroup r,
+
 owner /dev/tty@{int} rw,
 include if exists
diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames
index b56e8a16..fd9d4fc2 100644
--- a/apparmor.d/groups/gnome/mutter-x11-frames
+++ b/apparmor.d/groups/gnome/mutter-x11-frames
@@ -26,6 +26,9 @@ profile mutter-x11-frames @{exec_path} {
 /var/lib/gdm{3,}/.config/dconf/user r,
 /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
+ /var/lib/gdm{3,}/greeter-dconf-defaults r,
+
+ @{sys}/devices/@{pci}/boot_vga r,
 owner @{PROC}/@{pid}/cmdline r,
diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http
index e682c508..3667921b 100644
--- a/apparmor.d/groups/gvfs/gvfsd-http
+++ b/apparmor.d/groups/gvfs/gvfsd-http
@@ -10,6 +10,7 @@ include
 @{exec_path} = @{lib}/{,gvfs/}gvfsd-http
 profile gvfsd-http @{exec_path} {
 include
+ include
 include
 include
 include
@@ -22,6 +23,21 @@ profile gvfsd-http @{exec_path} {
 network inet6 dgram,
 network netlink raw,
+ # dbus: own bus=session name=org.gtk.vfs.mountpoint_http
+
+ dbus receive bus=session path=/org/gtk/vfs/mountable
+ interface=org.gtk.vfs.Mountable
+ member=Mount
+ peer=(name=:*, label=gvfsd),
+ dbus send bus=session path=/org/gtk/gvfs/exec_spaw/0
+ interface=org.gtk.vfs.Spawner
+ member=Spawned
+ peer=(name=:*, label=gvfsd),
+ dbus send bus=session path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member=RegisterMount
+ peer=(name=:*, label=gvfsd),
+
 @{exec_path} mr,
 owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
diff --git a/apparmor.d/groups/ssh/ssh-agent-launch b/apparmor.d/groups/ssh/ssh-agent-launch
index 84b66502..b2641671 100644
--- a/apparmor.d/groups/ssh/ssh-agent-launch
+++ b/apparmor.d/groups/ssh/ssh-agent-launch
@@ -14,6 +14,7 @@ profile ssh-agent-launch @{exec_path} {
 @{bin}/{,z,ba,da}sh rix,
 @{bin}/dbus-update-activation-environment rCx -> dbus,
+ @{bin}/getopt rix,
 @{bin}/grep rix,
 @{bin}/ssh-agent rPx,
diff --git a/apparmor.d/groups/systemd/busctl b/apparmor.d/groups/systemd/busctl
index 69777e4e..d099269b 100644
--- a/apparmor.d/groups/systemd/busctl
+++ b/apparmor.d/groups/systemd/busctl
@@ -9,6 +9,9 @@ include
 @{exec_path} = @{bin}/busctl
 profile busctl @{exec_path} {
 include
+ include
+ include
+ include
 include
 include
@@ -19,15 +22,25 @@ profile busctl @{exec_path} {
 unix (bind) type=stream addr=@@{hex}/bus/busctl/busctl,
+ dbus eavesdrop bus=session,
+
+ dbus send bus=system path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus.Monitoring
+ member=BecomeMonitor
+ peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+
 @{exec_path} mr,
 @{bin}/less rPx -> child-pager,
 @{bin}/more rPx -> child-pager,
 @{bin}/pager rPx -> child-pager,
- @{PROC}/@{pids}/cgroup r,
- @{PROC}/@{pids}/comm r,
- @{PROC}/@{pids}/stat r,
+ owner @{PROC}/@{pid}/cgroup r,
+ owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/comm r,
+ owner @{PROC}/@{pid}/loginuid r,
+ owner @{PROC}/@{pid}/sessionid r,
+ owner @{PROC}/@{pid}/stat r,
 include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/systemd/systemd-detect-virt b/apparmor.d/groups/systemd/systemd-detect-virt
index 1efa0e42..75cf8ba4 100644
--- a/apparmor.d/groups/systemd/systemd-detect-virt
+++ b/apparmor.d/groups/systemd/systemd-detect-virt
@@ -19,6 +19,7 @@ profile systemd-detect-virt @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
+ @{run}/cloud-init/ds-identify.log w,
 @{run}/host/container-manager r,
 @{run}/systemd/notify w,
diff --git a/apparmor.d/groups/systemd/systemd-generator-cloud-init b/apparmor.d/groups/systemd/systemd-generator-cloud-init
index e83f4c9d..48480621 100644
--- a/apparmor.d/groups/systemd/systemd-generator-cloud-init
+++ b/apparmor.d/groups/systemd/systemd-generator-cloud-init
@@ -19,7 +19,8 @@ profile systemd-generator-cloud-init @{exec_path} flags=(attach_disconnected) {
 @{bin}/systemd-detect-virt rPx,
 @{lib}/cloud-init/ds-identify rPUx,
- @{run}/cloud-init/cloud-init-generator.log rw,
+ @{run}/cloud-init/ w,
+ @{run}/cloud-init/cloud-init-generator.* rw,
 @{run}/cloud-init/disabled w,
 @{PROC}/cmdline r,
diff --git a/apparmor.d/groups/systemd/systemd-generator-ds-identify b/apparmor.d/groups/systemd/systemd-generator-ds-identify
index e78ab606..b4a2273e 100644
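Review bot: `dbus eavesdrop bus=session,` in the busctl hunk is the broadest receive grant the bus supports, making every message on the user's session bus visible to this profile, and nothing in the hunk records which busctl subcommand needs it, while the system-bus side is handled differently, through a `send` of `BecomeMonitor` to dbus-daemon only. A one-line comment above each rule naming the subcommand it serves (presumably `busctl monitor` for both — TODO confirm) would let the next maintainer judge whether either can be narrowed. If `busctl monitor --system` is expected to work, it is also worth confirming whether the system bus needs a receive or eavesdrop rule in addition to the method call, since the hunk grants none. The `owner @{PROC}/@{pid}/...` rewrite below is a welcome tightening over the old `@{pids}` globs.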
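Review bot: `@{run}/cloud-init/ds-identify.log w,` in the systemd-detect-virt hunk has no obvious reason to exist on its own, since systemd-detect-virt knows nothing about cloud-init; the write is presumably to a log file descriptor inherited from the ds-identify script that execs it (the ds-identify hunk in this commit grants `@{run}/cloud-init/{,.}ds-identify.* rw`) — TODO confirm against the denial that motivated it. Without a comment the rule reads as a stray grant and is likely to be pruned later; a line such as `# inherited stdout/stderr of ds-identify` above it would preserve the reason. The enclosing profile continues outside the hunk.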
--- a/apparmor.d/groups/systemd/systemd-generator-ds-identify
+++ b/apparmor.d/groups/systemd/systemd-generator-ds-identify
@@ -20,7 +20,10 @@ profile systemd-generator-ds-identify @{exec_path} flags=(attach_disconnected) {
 @{bin}/tr rix,
 @{bin}/uname rix,
- @{run}/cloud-init/.ds-identify.result r,
+ @{run}/cloud-init/{,.}ds-identify.* rw,
+
+ @{PROC}/cmdline r,
+ @{PROC}/uptime r,
 include if exists
 }
diff --git a/apparmor.d/groups/systemd/systemd-journald b/apparmor.d/groups/systemd/systemd-journald
index 3ffdf8be..707fbe96 100644
--- a/apparmor.d/groups/systemd/systemd-journald
+++ b/apparmor.d/groups/systemd/systemd-journald
@@ -19,6 +19,7 @@ profile systemd-journald @{exec_path} {
 capability dac_override,
 capability dac_read_search,
 capability fowner,
+ capability kill,
 capability setgid,
 capability setuid,
 capability sys_admin,
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index 5b8671c7..b4cd8b06 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -59,6 +59,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 / r,
 /boot/{,**} r,
 /efi/{,**} r,
+ /swap.img r,
 /swap/swapfile r,
 /swapfile r,
diff --git a/apparmor.d/groups/ubuntu/apport b/apparmor.d/groups/ubuntu/apport
index e6ef9e2e..42328162 100644
--- a/apparmor.d/groups/ubuntu/apport
+++ b/apparmor.d/groups/ubuntu/apport
@@ -10,10 +10,13 @@ include
 profile apport @{exec_path} flags=(attach_disconnected) {
 include
 include
+ include
+ include
 include
 include
 include
+ capability dac_read_search,
 capability fsetid,
 capability setgid,
 capability setuid,
@@ -21,21 +24,32 @@ profile apport @{exec_path} flags=(attach_disconnected) {
 ptrace (read) peer=gnome-shell,
 ptrace (read) peer=snap.cups.cupsd,
+ ptrace (read) peer=tracker-extract,
 @{exec_path} mr,
- /usr/share/apport/ r,
+ @{bin}/dpkg rPx,
+ @{bin}/gdbus rix,
+
+ /usr/share/apport/{,**} r,
+
+ /etc/apport/report-ignore/{,**} r,
 /var/crash/ rw,
+ /var/crash/*.@{uid}.crash rw,
 owner /var/log/apport.log rw,
 @{run}/apport.lock rwk,
- @{PROC}/@{pid}/stat r,
- @{PROC}/sys/fs/suid_dumpable w,
- @{PROC}/sys/kernel/core_pattern r,
- @{PROC}/sys/kernel/core_pattern w,
- @{PROC}/sys/kernel/core_pipe_limit w,
+ @{PROC}/@{pid}/environ r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/sys/fs/suid_dumpable w,
+ @{PROC}/sys/kernel/core_pattern r,
+ @{PROC}/sys/kernel/core_pattern w,
+ @{PROC}/sys/kernel/core_pipe_limit w,
+ owner @{PROC}/@{pid}/attr/current r,
+ owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/fd/ r,
 include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk
index e81d4b76..75f6825b 100644
--- a/apparmor.d/groups/ubuntu/apport-gtk
+++ b/apparmor.d/groups/ubuntu/apport-gtk
@@ -14,13 +14,11 @@ profile apport-gtk @{exec_path} {
 include
 include
 include
- include
- include
+ include
 include
 include
 include
 include
- include
 capability fowner,
 capability sys_ptrace,
diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier
index 8ebf8f97..a8d94f60 100644
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
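Review bot: `@{PROC}/@{pid}/environ r,` in the apport hunk is granted for every process rather than just the crashing one, and `/proc/<pid>/environ` routinely carries session tokens and credentials, so it is the most sensitive line added here and the only unqualified `@{pid}` read sitting next to three new `owner @{PROC}/@{pid}/...` rules. apport does need the environment of a crash victim that may belong to any user, so `owner` may genuinely not fit; if that is the reason, say so in a comment, e.g. `# environ of the crashing process, which may belong to any uid`, so the asymmetry is read as deliberate rather than as an oversight. The same remark applies to the unqualified `@{PROC}/@{pid}/stat r,` carried over from the old block.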
@@ -22,17 +22,24 @@ profile update-notifier @{exec_path} {
 include
 include
- # dbus: talk bus=system name=org.debian.apt label=apt
+ unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-api-user,
-# dbus receive bus=session path=/org/ayatana/NotificationItem{,/**}
-# interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties}
-# peer=(name=:*, label=gnome-shell),
+ # dbus: talk bus=system name=org.debian.apt label=apt
 dbus receive bus=session path=/org/ayatana/NotificationItem/software_update_available interface=org.freedesktop.DBus.Properties member={Get,GetAll} peer=(name=:*, label=gnome-shell),
+ dbus receive bus=session path=/org/ayatana/NotificationItem/livepatch{,/Menu}
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(name=:*, label=gnome-shell),
+ dbus receive bus=session path=/org/ayatana/NotificationItem/livepatch/Menu
+ interface=com.canonical.dbusmenu
+ member={AboutToShow,GetGroupProperties,GetLayout}
+ peer=(name=:*, label=gnome-shell),
+
 @{exec_path} mr,
 @{sh_path} rix,
diff --git a/apparmor.d/profiles-a-f/anacron b/apparmor.d/profiles-a-f/anacron
index 6b460b59..68a121bd 100644
--- a/apparmor.d/profiles-a-f/anacron
+++ b/apparmor.d/profiles-a-f/anacron
@@ -11,6 +11,8 @@ profile anacron @{exec_path} {
 include
 include
+ signal (receive) set=(usr1) peer=@{systemd},
+
 @{exec_path} mr,
 @{sh_path} rix,
diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller
index 738216fd..2e784aad 100644
--- a/apparmor.d/profiles-a-f/file-roller
+++ b/apparmor.d/profiles-a-f/file-roller
@@ -12,6 +12,7 @@ profile file-roller @{exec_path} {
 include
 include
 include
+ include
 include
 include
 include
diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd
index 84f7aeec..9afda162 100644
--- a/apparmor.d/profiles-m-r/obexd
+++ b/apparmor.d/profiles-m-r/obexd
@@ -17,13 +17,12 @@ profile obexd @{exec_path} {
 network bluetooth stream,
 network bluetooth seqpacket,
- # dbus: own bus=system name=org.bluez.obex
+ # dbus: own bus=session name=org.bluez.obex
 @{exec_path} mr,
 owner @{user_cache_dirs}/ rw,
- owner @{user_cache_dirs}/obexd/ rw,
- owner @{user_cache_dirs}/obexd/* rw,
+ owner @{user_cache_dirs}/obexd/{,**} rw,
 owner @{HOME}/bluetooth/* rw,
diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap
index a4f434a2..d0b274b2 100644
--- a/apparmor.d/profiles-s-z/snap
+++ b/apparmor.d/profiles-s-z/snap
@@ -19,6 +19,7 @@ profile snap @{exec_path} {
 include
 capability dac_read_search,
+ capability setuid,
 capability sys_admin,
 unix (send, receive) type=stream peer=(label=apt),
@@ -28,12 +29,12 @@ profile snap @{exec_path} {
 dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=StartTransientUnit
- peer=(name=org.freedesktop.systemd1, label="@{systemd}"),
+ peer=(name=org.freedesktop.systemd1, label="@{systemd_user}"),
 dbus receive bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=JobRemoved
- peer=(name=:*, label="@{systemd}"),
+ peer=(name=:*, label="@{systemd_user}"),
 dbus send bus=session path=/org/freedesktop/portal/documents interface=org.freedesktop.portal.Documents
@@ -47,9 +48,6 @@ profile snap @{exec_path} {
 @{bin}/gpg{,2} rCx -> gpg,
 @{bin}/systemctl rPx -> child-systemctl,
- /snap/{,**} rw,
- @{lib}/snapd/snap-confine rPx -> /usr/lib/snapd/snap-confine,
- @{lib_dirs}/snapd/snap-confine rPx,
 @{lib_dirs}/snapd/snap-seccomp rPx,
 @{lib_dirs}/snapd/snapd rPx,
@@ -60,6 +58,7 @@ profile snap @{exec_path} {
 /var/cache/snapd/commands.db rwk,
 /var/cache/snapd/names r,
+ /snap/{,**} rw,
 @{HOME}/snap/{,**} rw,
 owner /tmp/snapd-auto-import-mount-@{int}/ rw,
diff --git a/apparmor.d/profiles-s-z/snapd-apparmor b/apparmor.d/profiles-s-z/snapd-apparmor
index c833c0cc..d9be96e8 100644
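Review bot: The third snap hunk drops both exec transitions to snap-confine (`@{lib}/snapd/snap-confine rPx -> /usr/lib/snapd/snap-confine,` and `@{lib_dirs}/snapd/snap-confine rPx,`) while nothing in this diff adds a replacement, and the dists/ignore/main.ignore hunk in the same commit stops ignoring `snap`, so the profile starts shipping in this state. If `snap run` still execs snap-confine, confirm that a rule outside these hunks covers it; otherwise the first real invocation will be denied once the profile is enforced. The new `capability setuid,` in the first snap hunk also deserves a one-line comment naming the operation that needs it, since it is the capability that lets the confined process change identity and nothing visible in the profile explains it. The enclosing profile continues outside every hunk shown.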
--- a/apparmor.d/profiles-s-z/snapd-apparmor
+++ b/apparmor.d/profiles-s-z/snapd-apparmor
@@ -17,6 +17,7 @@ profile snapd-apparmor @{exec_path} {
 @{bin}/systemd-detect-virt rPx,
 @{bin}/apparmor_parser rPx,
+ @{lib_dirs}/snapd/apparmor_parser rPx -> apparmor_parser,
 @{lib_dirs}/snapd/info r,
 /var/lib/snapd/apparmor/profiles/ r,
diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird
index 700904c9..799ec187 100644
--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
@@ -7,7 +7,7 @@ abi ,
 include
-@{name} = thunderbird{,-bin}
+@{name} = thunderbird{,.sh,-bin}
 @{lib_dirs} = @{lib}/@{name}
 @{config_dirs} = @{HOME}/.@{name}/
 @{cache_dirs} = @{user_cache_dirs}/@{name}/
@@ -59,7 +59,8 @@ profile thunderbird @{exec_path} {
 @{exec_path} mrix,
- @{sh_path} rix,
+ @{sh_path} rix,
+ @{bin}/which.debianutils rix,
 @{lib_dirs}/{,**} r,
 @{lib_dirs}/*.so mr,
diff --git a/dists/ignore/main.ignore b/dists/ignore/main.ignore
index 98fbf2c4..7c8aca7f 100644
--- a/dists/ignore/main.ignore
+++ b/dists/ignore/main.ignore
@@ -15,7 +15,6 @@ man
 # Work in progress profiles
 plasma-discover
-snap
 steam
 steam-fossilize
 steam-game