diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app
index b0bd4cda..5de712c5 100644
--- a/apparmor.d/groups/gnome/gnome-extensions-app
+++ b/apparmor.d/groups/gnome/gnome-extensions-app
@@ -15,6 +15,7 @@ profile gnome-extensions-app @{exec_path} {
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
   include <abstractions/opencl>
   include <abstractions/vulkan>
 
diff --git a/apparmor.d/groups/gnome/gnome-music b/apparmor.d/groups/gnome/gnome-music
index f82dfbb1..304741db 100644
--- a/apparmor.d/groups/gnome/gnome-music
+++ b/apparmor.d/groups/gnome/gnome-music
@@ -45,7 +45,7 @@ profile gnome-music @{exec_path} {
   owner @{user_music_dirs}/{,**} r,
 
   owner @{user_cache_dirs}/gnome-music/{,**} rwk,
-  owner @{user_cache_dirs}/media-art/album-*.jpeg rw,
+  owner @{user_cache_dirs}/media-art/{,*} rw,
   owner @{user_share_dirs}/grilo-plugins/ rwk,
   owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
 
@@ -54,6 +54,7 @@ profile gnome-music @{exec_path} {
 
   owner /tmp/grilo-plugin-cache-[0-9A-Z]*/ rw,
 
+  owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/mounts r,
 
   deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
diff --git a/apparmor.d/groups/gnome/gnome-tweaks b/apparmor.d/groups/gnome/gnome-tweaks
index 67693da9..894c9d27 100644
--- a/apparmor.d/groups/gnome/gnome-tweaks
+++ b/apparmor.d/groups/gnome/gnome-tweaks
@@ -37,7 +37,7 @@ profile gnome-tweaks @{exec_path} {
   owner @{user_share_dirs}/backgrounds/{,**} r,
   owner @{user_share_dirs}/gnome-shell/extensions/**/schemas/* r,
   owner @{user_share_dirs}/recently-used.xbel* rw,
-  owner @{user_share_dirs}/sounds/ r,
+  owner @{user_share_dirs}/sounds/{,**} r,
 
   owner @{PROC}/@{pid}/fd/ r,
 
diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
index 08d959c0..49bb73fb 100644
--- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
+++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
@@ -9,7 +9,7 @@ include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor
 @{exec_path} += @{libexec}/gvfs-udisks2-volume-monitor
-profile gvfs-udisks2-volume-monitor @{exec_path} {
+profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
@@ -19,6 +19,8 @@ profile gvfs-udisks2-volume-monitor @{exec_path} {
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>
 
+  capability sys_ptrace,
+
   network inet stream,
   network inet6 stream,
   network netlink raw,
@@ -74,18 +76,22 @@ profile gvfs-udisks2-volume-monitor @{exec_path} {
   owner @{HOME}/**/ r,
 
   @{run}/mount/utab r,
+  @{run}/systemd/inhibit/*.ref r,
   @{run}/systemd/sessions/* r,
 
+        @{PROC}/ r,
+        @{PROC}/@{pids}/net/* r,
+        @{PROC}/@{pids}/stat r,
+        @{PROC}/1/cgroup r,
+        @{PROC}/locks r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/fdinfo/[0-9]* r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
-        @{PROC}/@{pids}/net/* r,
-        @{PROC}/ r,
-        @{PROC}/@{pids}/stat r,
-        @{PROC}/1/cgroup r,
-        @{PROC}/locks r,
+
+  /dev/dri/card[0-9]* r,
+  /dev/input/event[0-9]* r,
 
   include if exists <local/gvfs-udisks2-volume-monitor>
 }
diff --git a/apparmor.d/groups/systemd/systemd-journald b/apparmor.d/groups/systemd/systemd-journald
index db9be2e5..03f02c4e 100644
--- a/apparmor.d/groups/systemd/systemd-journald
+++ b/apparmor.d/groups/systemd/systemd-journald
@@ -48,7 +48,7 @@ profile systemd-journald @{exec_path} {
   @{run}/udev/data/+usb:*       r,
   @{run}/udev/data/+virtio:*    r,
   @{run}/udev/data/c1:[0-9]*    r,
-  @{run}/udev/data/c10:224      r, # for /dev/tpm0
+  @{run}/udev/data/c10:[0-9]*   r, # for /dev/tpm0
   @{run}/udev/data/c189:[0-9]*  r, # for /dev/bus/usb/**
   @{run}/udev/data/c23[0-9]:[0-9]* r,
   @{run}/udev/data/c24[0-9]:[0-9]* r,
diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser
index 42eb0743..694853bf 100644
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@@ -18,6 +18,7 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
   /etc/apparmor/{,**} r,
   /etc/apparmor.d/{,**} r,
   /etc/apparmor.d/cache.d/{,**} rw,
+  /etc/apparmor/earlypolicy/{,**} rw,
 
   /usr/share/apparmor-features/{,**} r,
   /usr/share/apparmor/{,**} r,
diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted
index 231f15b9..b17e27d3 100644
--- a/apparmor.d/profiles-g-l/gparted
+++ b/apparmor.d/profiles-g-l/gparted
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -11,20 +12,23 @@ profile gparted @{exec_path} {
   include <abstractions/base>
 
   @{exec_path} r,
+
+  /{usr/,}{s,}bin/          r,
   /{usr/,}bin/{,ba,da}sh  rix,
-
-  /{usr/,}{s,}bin/           r,
-  /{usr/,}{s,}bin/gpartedbin rPx,
-  @{libexec}/gpartedbin      rPx,
-
-  /{usr/,}bin/            r,
   /{usr/,}bin/{,e}grep    rix,
+  /{usr/,}bin/{m,g,}awk   rix,
   /{usr/,}bin/cut         rix,
   /{usr/,}bin/id          rix,
-  /{usr/,}bin/sed         rix,
+  /{usr/,}bin/ls          rix,
   /{usr/,}bin/mkdir       rix,
+  /{usr/,}bin/pidof       rix,
   /{usr/,}bin/rm          rix,
-  /{usr/,}bin/{m,g,}awk   rix,
+  /{usr/,}bin/sed         rix,
+  /{usr/,}bin/touch       rix,
+
+  /{usr/,}{s,}bin/gpartedbin     rPx,
+  @{libexec}/gparted/gpartedbin  rPx,
+  @{libexec}/gpartedbin          rPx,
 
   /{usr/,}lib/udisks2/udisks2-inhibit  rix,
   @{libexec}/udisks2/udisks2-inhibit rix,
diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin
index b183d911..3e16c996 100644
--- a/apparmor.d/profiles-g-l/gpartedbin
+++ b/apparmor.d/profiles-g-l/gpartedbin
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -8,6 +9,7 @@ include <tunables/global>
 
 @{exec_path} = /{usr/,}{s,}bin/gpartedbin
 @{exec_path} += @{libexec}/gpartedbin
+@{exec_path} += @{libexec}/gparted/gpartedbin
 profile gpartedbin @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga
index 9c2550a9..db143210 100644
--- a/apparmor.d/profiles-m-r/qemu-ga
+++ b/apparmor.d/profiles-m-r/qemu-ga
@@ -24,6 +24,9 @@ profile qemu-ga @{exec_path} {
 
   owner @{run}/qga.state* rw,
 
+  @{sys}/devices/system/node/ r,
+  @{sys}/devices/system/node/node*/meminfo r,
+
   /dev/vport[0-9]*p[0-9]* rw,
 
   include if exists <local/qemu-ga>
diff --git a/apparmor.d/profiles-s-z/xauth b/apparmor.d/profiles-s-z/xauth
index 6c098fc5..71388754 100644
--- a/apparmor.d/profiles-s-z/xauth
+++ b/apparmor.d/profiles-s-z/xauth
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2020-2021 Mikhail Morfikov
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,