diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index 9d75446c..868a85f4 100644
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -12,6 +12,8 @@ profile tracker-extract @{exec_path} {
   include <abstractions/gstreamer>
   include <abstractions/openssl>
 
+  network netlink raw,
+
   @{exec_path} mr,
 
   /usr/share/tracker3/{,**} r,
@@ -36,5 +38,7 @@ profile tracker-extract @{exec_path} {
 
   /tmp/tracker-extract-3-files.*/{,*} rw,
 
+  @{run}/udev/data/c236:* r,
+
   include if exists <local/tracker-extract>
 }
diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent
index 2476e1f4..52a95222 100644
--- a/apparmor.d/groups/gpg/gpg-agent
+++ b/apparmor.d/groups/gpg/gpg-agent
@@ -17,7 +17,7 @@ profile gpg-agent @{exec_path} {
   @{exec_path} mr,
 
   /{usr/,}lib/gnupg/scdaemon rPx,
-  /{usr/,}bin/pinentry-*     rPx,
+  /{usr/,}bin/pinentry{,-*}  rPx,
 
   /usr/share/gnupg/* r,
 
diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp
index 2d073182..4d665980 100644
--- a/apparmor.d/groups/gvfs/gvfsd-mtp
+++ b/apparmor.d/groups/gvfs/gvfsd-mtp
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2021 Mikhail Morfikov
+#               2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -18,6 +19,8 @@ profile gvfsd-mtp @{exec_path} {
 
   @{exec_path} mr,
 
+  owner @{run}/user/@{uid}/gvfsd/socket-* rw,
+
   include <abstractions/dconf>
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
diff --git a/apparmor.d/profiles-a-l/browserpass b/apparmor.d/profiles-a-l/browserpass
index b34a3f38..44b3dc39 100644
--- a/apparmor.d/profiles-a-l/browserpass
+++ b/apparmor.d/profiles-a-l/browserpass
@@ -32,7 +32,7 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
   deny network inet6 stream,
   deny network inet stream,
   deny owner @{user_share_dirs}/gvfs-metadata/{,**} r,
-  deny owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} r,
+  deny owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rw,
   deny /dev/dri/card[0-9]* rw,
 
   include if exists <local/browserpass>
diff --git a/apparmor.d/profiles-a-l/fc-cache b/apparmor.d/profiles-a-l/fc-cache
index d7eae851..1542efa8 100644
--- a/apparmor.d/profiles-a-l/fc-cache
+++ b/apparmor.d/profiles-a-l/fc-cache
@@ -19,5 +19,9 @@ profile fc-cache @{exec_path} {
   /var/cache/fontconfig/*.cache-[0-9]*.LCK rwl,
   /var/cache/fontconfig/CACHEDIR.TAG.LCK rwl,
 
+  # Silencer
+  deny network inet6 stream,
+  deny network inet stream,
+
   include if exists <local/fc-cache>
 }
diff --git a/apparmor.d/profiles-a-l/gitstatusd b/apparmor.d/profiles-a-l/gitstatusd
index efdbc758..abe5b7c0 100644
--- a/apparmor.d/profiles-a-l/gitstatusd
+++ b/apparmor.d/profiles-a-l/gitstatusd
@@ -13,10 +13,13 @@ profile gitstatusd @{exec_path} {
   @{exec_path} mr,
 
   owner @{HOME}/@{XDG_PROJECTS_DIR}/{,**} r,
-  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/.git/.gitstatus.[a-zA-Z]*/{,**} rw,
+  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/.git/.gitstatus.[0-9a-zA-Z]*/{,**} rw,
 
   owner @{HOME}/.gitconfig r,
   owner @{user_config_dirs}/git/{,*} r,
 
+  # Silencer
+  deny owner @{HOME}/.*-store/{,**} r,
+
   include if exists <local/gitstatusd>
 }
diff --git a/apparmor.d/profiles-m-z/pkcs11-register b/apparmor.d/profiles-m-z/pkcs11-register
index 8d70f557..9f9a510b 100644
--- a/apparmor.d/profiles-m-z/pkcs11-register
+++ b/apparmor.d/profiles-m-z/pkcs11-register
@@ -14,9 +14,10 @@ profile pkcs11-register @{exec_path} {
 
   /etc/opensc.conf r,
 
-  owner @{HOME}/.pki/nssdb/pkcs11.txt r,
-  owner @{HOME}/.mozilla/firefox/profiles.ini r,
   owner @{HOME}/.mozilla/firefox/*/pkcs11.txt r,
+  owner @{HOME}/.mozilla/firefox/profiles.ini r,
+  owner @{HOME}/.pki/nssdb/pkcs11.txt r,
+  owner @{HOME}/.thunderbird/*/pkcs11.txt r,
   owner @{HOME}/.thunderbird/profiles.ini r,
 
   include if exists <local/pkcs11-register>
diff --git a/apparmor.d/profiles-m-z/rngd b/apparmor.d/profiles-m-z/rngd
index 3fad4942..4fef8e50 100644
--- a/apparmor.d/profiles-m-z/rngd
+++ b/apparmor.d/profiles-m-z/rngd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/rngd
 profile rngd @{exec_path} {
   include <abstractions/base>
+  include <abstractions/devices-usb>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -28,12 +29,8 @@ profile rngd @{exec_path} {
   @{PROC}/sys/kernel/random/poolsize r,
   @{PROC}/sys/kernel/random/write_wakeup_threshold rw,
 
-  /dev/ r,
   /dev/hwrng r,
   /dev/random w,
 
-  @{sys}/bus/ r,
-  @{sys}/class/ r,
-
   include if exists <local/rngd>
 }
diff --git a/apparmor.d/profiles-m-z/smartctl b/apparmor.d/profiles-m-z/smartctl
index d833b884..44ee84ad 100644
--- a/apparmor.d/profiles-m-z/smartctl
+++ b/apparmor.d/profiles-m-z/smartctl
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
+#               2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -12,13 +13,12 @@ profile smartctl @{exec_path} {
   include <abstractions/consoles>
   include <abstractions/disks-read>
 
-  # To remove the following errors:
-  #  Probable ATA device behind a SAT layer
-  #  Try an additional '-d ata' or '-d sat' argument.
+  capability sys_admin,
   capability sys_rawio,
 
   @{exec_path} mr,
 
+  /usr/share/smartmontools/** r,
   /var/lib/smartmontools/** r,
 
   include if exists <local/smartctl>
diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager
index c3f1546e..d2d90848 100644
--- a/apparmor.d/profiles-m-z/virt-manager
+++ b/apparmor.d/profiles-m-z/virt-manager
@@ -9,7 +9,7 @@ include <tunables/global>
 
 @{exec_path}  = /{usr/,}bin/virt-manager
 @{exec_path} += /usr/share/virt-manager/virt-manager
-profile virt-manager @{exec_path} {
+profile virt-manager @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/X>
   include <abstractions/vulkan>
@@ -38,13 +38,25 @@ profile virt-manager @{exec_path} {
   /{usr/,}bin/python3.[0-9]* r,
 
   /{usr/,}bin/ r,
+  /{usr/,}bin/env       rix,
   /{usr/,}bin/getfacl   rix,
   /{usr/,}bin/setfacl   rix,
 
   /{usr/,}{s,}bin/libvirtd rPx,
 
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/gtksourceview-4/{,**} r,
+  /usr/share/hwdata/*.ids r,
+  /usr/share/ladspa/rdf/{,ladspa.rdfs} r,
+  /usr/share/misc/*.ids r,
+  /usr/share/osinfo/{,**} r,
   /usr/share/virt-manager/{,**} r,
   /usr/share/virtio/{,*} r,
+  /var/lib/usbutils/*.ids r,
+
+  /etc/fstab r,
+  /etc/libnl/classid r,
+  /etc/libva.conf r,
 
   owner @{HOME}/ r,
   owner @{user_cache_dirs}/ rw,
@@ -60,7 +72,7 @@ profile virt-manager @{exec_path} {
   @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} r,
 
   # System VM images
-  #owner /var/lib/libvirt/images/ r,
+  /var/lib/libvirt/images/{,**} rw,
 
   # User VM images
   owner @{user_share_dirs}/ r,
@@ -68,23 +80,13 @@ profile virt-manager @{exec_path} {
   owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,
   owner @{MOUNTS}/*/@{XDG_VM_DIR}/{,**} rw,
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-
-  /usr/share/osinfo/{,**} r,
-  /usr/share/gtksourceview-4/{,**} r,
-
-  /usr/share/hwdata/*.ids r,
-  /usr/share/misc/*.ids r,
-  /var/lib/usbutils/*.ids r,
-
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/fd/ r,
         @{PROC}/@{pid}/net/route r,
 
   @{sys}/devices/pci[0-9]*/**/drm/ r,
-
-  /etc/fstab r,
+  @{sys}/devices/virtual/drm/ttm/uevent r,
 
         @{run}/mount/utab r,