diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 648ac732..071ad914 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -44,14 +44,16 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 # but will fall back to a non-privileged version if it fails.
 deny capability net_admin,
 
- ptrace (read,trace) peer=unconfined,
-
 network inet stream,
 network inet6 stream,
 network inet dgram,
 network inet6 dgram,
 network netlink raw,
 
+ signal (receive) set=(hup) peer=@{systemd},
+
+ ptrace (read,trace) peer=@{systemd},
+
 dbus send bus=system path=/org/freedesktop/login[0-9]
 interface=org.freedesktop.login[0-9].Manager
 member={CreateSession,ReleaseSession}
diff --git a/apparmor.d/groups/systemd/systemd-update-done b/apparmor.d/groups/systemd/systemd-update-done
index e497a554..bd9a0d07 100644
--- a/apparmor.d/groups/systemd/systemd-update-done
+++ b/apparmor.d/groups/systemd/systemd-update-done
@@ -12,7 +12,7 @@ profile systemd-update-done @{exec_path} {
 
 capability net_admin,
 
- ptrace (read) peer=unconfined,
+ ptrace (read) peer=@{systemd},
 
 @{exec_path} mr,
 
diff --git a/apparmor.d/groups/systemd/systemd-userwork b/apparmor.d/groups/systemd/systemd-userwork
index 3732f425..4d2b26de 100644
--- a/apparmor.d/groups/systemd/systemd-userwork
+++ b/apparmor.d/groups/systemd/systemd-userwork
@@ -14,6 +14,8 @@ profile systemd-userwork @{exec_path} flags=(attach_disconnected) {
 
 capability sys_resource,
 
+ signal (send) peer=@{systemd},
+
 @{exec_path} mr,
 
 /etc/machine-id r,
diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga
index 46fdf3d7..4f7462b9 100644
--- a/apparmor.d/profiles-m-r/qemu-ga
+++ b/apparmor.d/profiles-m-r/qemu-ga
@@ -19,7 +19,7 @@ profile qemu-ga @{exec_path} {
 network inet6 stream,
 network netlink raw,
 
- ptrace peer=unconfined,
+ ptrace (read) peer=@{systemd},
 
 dbus send bus=system path=/org/freedesktop/login1
 interface=org.freedesktop.login1.Manager
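Review bot: The new sshd rule `ptrace (read,trace) peer=@{systemd},` keeps the `trace` permission, while the qemu-ga hunk in this same commit narrows its rule to `(read)`. The `read` permission is what covers reading the peer's ptrace-protected /proc entries; `trace` additionally allows ptrace attach to whatever `@{systemd}` resolves to, which with the default `@{systemd}=unconfined` from the tunables hunk is any unconfined process. Unless an audit log shows sshd actually needs `trace`, I would narrow this to `ptrace (read) peer=@{systemd},` for consistency with qemu-ga. The sshd profile body continues outside the hunk.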
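Review bot: `signal (send) peer=@{systemd},` in the systemd-userwork hunk has no `set=`, so the profile may send any signal to the peer, and with the default `@{systemd}=unconfined` the peer is any unconfined process rather than only the init process. The other signal rules in this commit do restrict the set (`set=(hup)` in sshd, `set=(int)` in udisksd), so this one should too, using the signal the audit log reports, e.g. `signal (send) set=(<signal from audit log>) peer=@{systemd},`. The systemd-userwork profile body continues outside the hunk.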
diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd
index 84d34247..db5e3315 100644
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@@ -44,7 +44,7 @@ profile snapd @{exec_path} {
 umount /snap/*/*/,
 
 ptrace (read) peer=snap,
- ptrace (read) peer=unconfined,
+ ptrace (read) peer=@{systemd},
 
 dbus (send) bus=system path=/org/freedesktop/
 interface=org.freedesktop.login1.Manager
diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd
index ab62573b..8cbd0850 100644
--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@@ -54,6 +54,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
 umount @{run}/udisks2/temp-mount-*/,
 umount /media/cdrom[0-9]/,
 
+ signal (receive) set=(int) peer=@{systemd},
+
 dbus (send,receive) bus=system path=/
 interface=org.freedesktop.DBus.Introspectable
 member=Introspect,
diff --git a/apparmor.d/tunables/multiarch.d/apparmor.d b/apparmor.d/tunables/multiarch.d/apparmor.d
index 70e16dcc..c9c8c5ad 100644
--- a/apparmor.d/tunables/multiarch.d/apparmor.d
+++ b/apparmor.d/tunables/multiarch.d/apparmor.d
@@ -53,3 +53,6 @@
 # Common places for binaries and libraries across distributions
 @{bin}=/{,usr/}{,s}bin
 @{lib}=/{,usr/}lib{,exec,32,64}
+
+# Name of the systemd profile: unconfined || systemd
+@{systemd}=unconfined
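Review bot: The comment `# Name of the systemd profile: unconfined || systemd` in the tunables hunk should state that the default value `unconfined` leaves every `peer=@{systemd}` rule matching any unconfined process, which is exactly what the replaced `peer=unconfined` rules matched, so the rename alone narrows nothing until the value is switched to `systemd`. Without that, a reader of the sshd, snapd, qemu-ga or systemd-update-done rules may assume `peer=@{systemd}` already means "only the init process". Something like `# Name of the systemd profile: 'unconfined' (default, matches any unconfined process) or 'systemd' once a confined systemd profile is loaded` would make the two meanings explicit.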