diff --git a/apparmor.d/groups/gnome/gcr-ssh-agent b/apparmor.d/groups/gnome/gcr-ssh-agent
index 132a1bad..ba5e54c2 100644
--- a/apparmor.d/groups/gnome/gcr-ssh-agent
+++ b/apparmor.d/groups/gnome/gcr-ssh-agent
@@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2023 Alexandre Pujol
+# Copyright (C) 2024 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi ,
diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm
index 4750fe79..1c04459f 100644
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@@ -50,7 +50,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
  @{lib}/{,gdm/}gdm-session-worker rPx,
 
  /etc/gdm{3,}/PrimeOff/Default rix,
- /usr/share/gdm/gdm.schemas r,
+ /usr/share/gdm{3,}/gdm.schemas r,
  /usr/share/wayland-sessions/*.desktop r,
  /usr/share/xsessions/*.desktop r,
 
@@ -63,14 +63,14 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
 
  /var/{lib,log}/gdm{3,}/ rw,
 
- @{run}/gdm{3,}.pid rw,
- @{run}/gdm{3,}/ rw,
- @{run}/gdm{3,}/custom.conf r,
- @{run}/gdm{3,}/gdm.pid rw,
- @{run}/gdm{3,}/greeter/ rw,
- @{run}/systemd/seats/seat@{int} r,
- @{run}/systemd/sessions/* r,
- @{run}/systemd/users/@{uid} r,
+ @{run}/gdm{3,}/greeter/ rw,
+ @{run}/systemd/seats/seat@{int} r,
+ @{run}/systemd/sessions/* r,
+ @{run}/systemd/users/@{uid} r,
+ owner @{run}/gdm{3,}.pid rw,
+ owner @{run}/gdm{3,}/ rw,
+ owner @{run}/gdm{3,}/custom.conf r,
+ owner @{run}/gdm{3,}/gdm.pid rw,
  @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
  @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
 
diff --git a/apparmor.d/groups/gnome/gdm-generate-config b/apparmor.d/groups/gnome/gdm-generate-config
index 3d277728..676c66eb 100644
--- a/apparmor.d/groups/gnome/gdm-generate-config
+++ b/apparmor.d/groups/gnome/gdm-generate-config
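Review bot: `@{run}/gdm{3,}/greeter/ rw,` is the only `@{run}/gdm{3,}` rule in the rewritten block that does not gain the `owner` qualifier its siblings now carry; if that is deliberate, presumably because the greeter directory is owned by the gdm user rather than the uid gdm itself runs as, a one-line comment such as `# greeter/ is not owned by the uid gdm runs as, so 'owner' would not match` would stop a later cleanup from tightening it and breaking the greeter. More generally, `owner` only matches when the object's uid equals the task's fsuid, so the same tightening applied here, in gdm-generate-config (`owner /var/lib/gdm{3,}/ rw,` and its siblings) and in gdm-runtime-config (`owner @{run}/gdm{3,}/ rw,`) is worth checking against the audit log on a Debian-style gdm3 layout, where directory ownership can differ from the upstream layout this was presumably tested on. The gdm profile body continues outside the hunk.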
@@ -29,21 +29,22 @@ profile gdm-generate-config @{exec_path} {
  @{bin}/setsid rix,
 
  /etc/gdm{3,}/* r,
- /usr/share/gdm/{,**} r,
+ /usr/share/gdm{3,}/{,**} r,
 
- /var/lib/ r,
- /var/lib/gdm{3,}/ rw,
- /var/lib/gdm{3,}/{,**} r,
- /var/lib/gdm{3,}/greeter-dconf-defaults rw,
- /var/lib/gdm{3,}/greeter-dconf-defaults.@{rand6} w,
+ /var/lib/ r,
+ owner /var/lib/gdm{3,}/ rw,
+ owner /var/lib/gdm{3,}/{,**} r,
+ owner /var/lib/gdm{3,}/greeter-dconf-defaults rw,
+ owner /var/lib/gdm{3,}/greeter-dconf-defaults.@{rand6} w,
+
+ @{sys}/devices/system/node/ r,
+ @{sys}/devices/system/node/node@{int}/meminfo r,
 
  @{PROC}/ r,
  @{PROC}/@{pid}/cgroup r,
  @{PROC}/@{pid}/cmdline r,
  @{PROC}/@{pid}/stat r,
  @{PROC}/uptime r,
 
- @{sys}/devices/system/node/ r,
- @{sys}/devices/system/node/node@{int}/meminfo r,
  include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/gnome/gdm-runtime-config b/apparmor.d/groups/gnome/gdm-runtime-config
index 1097e200..5db19b4d 100644
--- a/apparmor.d/groups/gnome/gdm-runtime-config
+++ b/apparmor.d/groups/gnome/gdm-runtime-config
@@ -12,8 +12,8 @@ profile gdm-runtime-config @{exec_path} {
 
  @{exec_path} mr,
 
- @{run}/gdm{3,}/ rw,
- @{run}/gdm{3,}/custom.conf{,.@{rand6}} rw,
+ owner @{run}/gdm{3,}/ rw,
+ owner @{run}/gdm{3,}/custom.conf{,.@{rand6}} rw,
 
  include if exists
 }
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 44f0220e..bed468de 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -68,6 +68,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
 
  /usr/share/gdm/gdm.schemas r,
  /usr/share/wayland-sessions/*.desktop r,
+ /usr/share/xsessions/gnome-xorg.desktop r,
 
  @{etc_ro}/environment r,
  @{etc_ro}/security/limits.d/{,*.conf} r,
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index c221ca1d..94acb5a1 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
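Review bot: The context line `/usr/share/gdm/gdm.schemas r,` just above the added rule still lacks the `{3,}` alternation this same commit adds to that path in gdm and gdm-generate-config, so on a layout that installs under `/usr/share/gdm3` the session worker would remain denied the schemas read while gdm itself is now allowed it; `/usr/share/gdm{3,}/gdm.schemas r,` would keep the three profiles consistent. The added `/usr/share/xsessions/gnome-xorg.desktop r,` appears intentionally narrower than gdm's `/usr/share/xsessions/*.desktop r,`, which is a reasonable least-privilege choice, but a short trailing comment saying why only that one session file is needed here would help the next reader decide whether the scope is still right when sessions are added. The gdm-session-worker profile body continues outside the hunk.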
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -94,7 +94,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
  @{lib}/@{multiarch}/xapps/sn-watcher/xapp-sn-watcher rPUx,
  @{lib}/baloo_file rPx,
  @{lib}/caribou/caribou rPUx,
- @{lib}/deja-dup/deja-dup-monitor rPUx,
+ @{lib}/deja-dup/deja-dup-monitor rPx,
  @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx,
  @{lib}/gsd-disk-utility-notify rPx,
  @{lib}/update-notifier/ubuntu-advantage-notification rPx,
@@ -129,11 +129,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
  owner @{user_config_dirs}/autostart/{,*.desktop} r,
  owner @{user_config_dirs}/gnome-session/ rw,
  owner @{user_config_dirs}/gnome-session/saved-session/ rw,
- owner @{user_config_dirs}/gtk-3.0/bookmarks rw,
- owner @{user_config_dirs}/gtk-3.0/bookmarks.[0-9A-Z]* rw,
- owner @{user_config_dirs}/user-dirs.locale r,
  owner @{user_share_dirs}/gnome-shell/gnome-overrides-migrated rw,
- owner @{user_share_dirs}/session_migration-ubuntu r,
 
  @{run}/systemd/inhibit/[0-9]*.ref rw,
  @{run}/systemd/sessions/* r,
diff --git a/apparmor.d/groups/gnome/gnome-tour b/apparmor.d/groups/gnome/gnome-tour
index 44f87f32..3a31be36 100644
--- a/apparmor.d/groups/gnome/gnome-tour
+++ b/apparmor.d/groups/gnome/gnome-tour
@@ -16,5 +16,7 @@ profile gnome-tour @{exec_path} {
 
  @{exec_path} mr,
 
+ /usr/share/gnome-tour/{,**} r,
+
  include if exists
 }
\ No newline at end of file
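Review bot: Switching `@{lib}/deja-dup/deja-dup-monitor` from `rPUx` to `rPx` drops the fallback to unconfined, so the transition now hard-fails unless a profile for deja-dup-monitor is loaded at exec time; nothing in this diff adds such a profile, so if it is introduced elsewhere in the commit the change is the right tightening, otherwise autostart of the monitor will simply be denied on hosts without it. A trailing comment on the changed line naming the dependency, e.g. `rPx, # requires the deja-dup-monitor profile`, would make that requirement visible to anyone cherry-picking the line. The gnome-session-binary profile body continues outside the hunk.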
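Review bot: The hunk rewrites the closing lines of gnome-tour but still leaves the file without a trailing newline (`\ No newline at end of file`), and gdm-generate-config in the same commit has the same issue, whereas gdm-runtime-config already ends cleanly; since both files are being touched here anyway, terminating the closing `}` line with a newline would keep the group uniform and avoid the marker reappearing in every later diff of these two profiles.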