diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write
index 24bead1f..b539ddad 100644
--- a/apparmor.d/abstractions/fontconfig-cache-write
+++ b/apparmor.d/abstractions/fontconfig-cache-write
@@ -26,6 +26,11 @@
         /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*}  r,
   deny  /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*}  w,
 
+  owner /var/cache/fontconfig/{,**} rw,
+  owner /var/cache/fontconfig/*.cache-[0-9]* rwk,
+  owner /var/cache/fontconfig/*.cache-[0-9]*.LCK rwl,
+  owner /var/cache/fontconfig/CACHEDIR.TAG.LCK rwl,
+
   # For fonts downloaded via font-manager (###FIXME### when they fix resolving of vars)
   owner @{user_share_dirs}/fonts/ rw,
   owner @{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*} rw,
diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete
index d645981d..bef2e478 100644
--- a/apparmor.d/abstractions/python.d/complete
+++ b/apparmor.d/abstractions/python.d/complete
@@ -3,11 +3,11 @@
 #               2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  /usr/bin/python{2.[4-7],3,3.[0-9]} r,
+  /{usr/,}bin/python{2.[4-7],3,3.[0-9]*} r,
 
-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/**/ r,
+  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]*}/{site,dist}-packages/**/ r,
 
-  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so}              mr,
-  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth}          r,
-  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/    r,
-  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/**/ r,
+  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]*}/**.{pyc,so}              mr,
+  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]*}/**.{egg,py,pth}          r,
+  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]*}/{site,dist}-packages/    r,
+  owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9]*}/{site,dist}-packages/**/ r,
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index ab99d403..6ef0511d 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -86,10 +86,11 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   /{usr/,}lib/mozilla/plugins/ r,
   /{usr/,}lib/mozilla/plugins/libvlcplugin.so mr,
   /usr/share/doc/{,**} r,
+  /usr/share/egl/{,**} r,
   /usr/share/firefox/{,**} r,
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/mozilla/extensions/{,**} r,
   /usr/share/webext/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   /etc/firefox/{,**} r,
   /etc/fstab r,
diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3
index 46d110a3..2da99ebe 100644
--- a/apparmor.d/groups/bus/ibus-extension-gtk3
+++ b/apparmor.d/groups/bus/ibus-extension-gtk3
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/ibus/ibus-extension-gtk3
 profile ibus-extension-gtk3 @{exec_path} {
   include <abstractions/base>
+  include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>
   include <abstractions/gtk>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index 03423757..5d4d1394 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -13,6 +13,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   include <abstractions/audio>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
+  include <abstractions/fontconfig-cache-write>
   include <abstractions/gnome>
   include <abstractions/mesa>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/groups/pacman/pacman-hook-dconf b/apparmor.d/groups/pacman/pacman-hook-dconf
index 9fe6d292..a4f0d2fa 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dconf
+++ b/apparmor.d/groups/pacman/pacman-hook-dconf
@@ -10,6 +10,8 @@ include <tunables/global>
 profile pacman-hook-dconf @{exec_path} {
   include <abstractions/base>
 
+  capability dac_read_search,
+
   @{exec_path} mr,
 
   /{usr/,}bin/bash  rix,
diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep
index 70d6f09b..f2337965 100644
--- a/apparmor.d/groups/systemd/systemd-sleep
+++ b/apparmor.d/groups/systemd/systemd-sleep
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/systemd/systemd-sleep
 profile systemd-sleep @{exec_path} {
   include <abstractions/base>
+  include <abstractions/nameservice-strict>
   include <abstractions/systemd-common>
 
   capability net_admin,
diff --git a/apparmor.d/profiles-a-f/browserpass b/apparmor.d/profiles-a-f/browserpass
index e08db750..739a7241 100644
--- a/apparmor.d/profiles-a-f/browserpass
+++ b/apparmor.d/profiles-a-f/browserpass
@@ -36,6 +36,7 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
   deny network inet stream,
   deny owner @{user_share_dirs}/gvfs-metadata/{,**} r,
   deny owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rw,
+  deny owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
   deny /dev/dri/card[0-9]* rw,
   deny /dev/dri/renderD128 rw,
 
diff --git a/apparmor.d/profiles-g-l/gtk-query-immodules b/apparmor.d/profiles-g-l/gtk-query-immodules
index 641de778..a458d6af 100644
--- a/apparmor.d/profiles-g-l/gtk-query-immodules
+++ b/apparmor.d/profiles-g-l/gtk-query-immodules
@@ -10,10 +10,13 @@ include <tunables/global>
 profile gtk-query-immodules @{exec_path} {
   include <abstractions/base>
 
+  capability dac_override,
+  capability dac_override,
+
   @{exec_path} mr,
 
-  /{usr/,}lib/gtk-{3,4}.0/**/immodules.cache w,
-  /{usr/,}lib/gtk-{3,4}.0/**/immodules.cache.[0-9A-Z]* w,
+  /{usr/,}lib/gtk-{2,3,4}.0/**/immodules.cache w,
+  /{usr/,}lib/gtk-{2,3,4}.0/**/immodules.cache.[0-9A-Z]* w,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/profiles-s-z/udiskie b/apparmor.d/profiles-s-z/udiskie
index 31c3ea0a..1aa1a2ae 100644
--- a/apparmor.d/profiles-s-z/udiskie
+++ b/apparmor.d/profiles-s-z/udiskie
@@ -23,7 +23,7 @@ profile udiskie @{exec_path} {
   include <abstractions/deny-root-dir-access>
 
   @{exec_path} r,
-  /{usr/,}bin/python3.[0-9] r,
+  /{usr/,}bin/python3.[0-9]* r,
 
   /{usr/,}bin/ r,
   /{usr/,}bin/xdg-open rCx -> open,
diff --git a/apparmor.d/profiles-s-z/udiskie-info b/apparmor.d/profiles-s-z/udiskie-info
index 3c3c709d..9e1e52d1 100644
--- a/apparmor.d/profiles-s-z/udiskie-info
+++ b/apparmor.d/profiles-s-z/udiskie-info
@@ -12,7 +12,7 @@ profile udiskie-info @{exec_path} {
   include <abstractions/python>
 
   @{exec_path} r,
-  /{usr/,}bin/python3.[0-9] r,
+  /{usr/,}bin/python3.[0-9]* r,
 
   /usr/bin/ r,
 
diff --git a/apparmor.d/profiles-s-z/udiskie-mount b/apparmor.d/profiles-s-z/udiskie-mount
index 9ffbf606..c5bd22be 100644
--- a/apparmor.d/profiles-s-z/udiskie-mount
+++ b/apparmor.d/profiles-s-z/udiskie-mount
@@ -12,7 +12,7 @@ profile udiskie-mount @{exec_path} {
   include <abstractions/python>
 
   @{exec_path} r,
-  /{usr/,}bin/python3.[0-9] r,
+  /{usr/,}bin/python3.[0-9]* r,
 
   /usr/bin/ r,
 
diff --git a/apparmor.d/profiles-s-z/udiskie-umount b/apparmor.d/profiles-s-z/udiskie-umount
index d7f14266..d04e6856 100644
--- a/apparmor.d/profiles-s-z/udiskie-umount
+++ b/apparmor.d/profiles-s-z/udiskie-umount
@@ -12,7 +12,7 @@ profile udiskie-umount @{exec_path} {
   include <abstractions/python>
 
   @{exec_path} r,
-  /{usr/,}bin/python3.[0-9] r,
+  /{usr/,}bin/python3.[0-9]* r,
 
   /usr/bin/ r,