diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center
index aea86106..154aff58 100644
--- a/apparmor.d/groups/gnome/gnome-control-center
+++ b/apparmor.d/groups/gnome/gnome-control-center
@@ -72,7 +72,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   /usr/share/language-tools/language2locale      rix,
   /usr/share/language-tools/language-options    rPUx,
 
-  @{open_path}                                   rPx -> child-open-browsers,
+  @{open_path}                                   rPx -> child-open-any,
 
   /opt/**/share/icons/{,**} r,
   /snap/*/@{int}/**.png r,
@@ -124,6 +124,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw,
   owner @{user_share_dirs}/icc/{,edid-*} r,
 
+  owner @{tmp}/@{hex12}@{h} rw,
+  owner @{tmp}/@{rand8} rw,
   owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw,
 
         @{run}/samba/ rw,
@@ -160,6 +162,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
         @{PROC}/cmdline r,
         @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
         @{PROC}/zoneinfo r,
+        @{PROC}/1/cgroup r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/fd/ r,
@@ -187,9 +190,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 
   profile pkexec {
     include <abstractions/base>
-  
-    @{bin}/pkexec mr,
-  
+    include <abstractions/app/pkexec>
     include if exists <local/gnome-control-center_pkexec>
   }
 
diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime
index d125cd13..5c3b768f 100644
--- a/apparmor.d/groups/gnome/gsd-datetime
+++ b/apparmor.d/groups/gnome/gsd-datetime
@@ -12,8 +12,15 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-session>
   include <abstractions/bus/org.gnome.SessionManager>
   include <abstractions/dconf-write>
+  include <abstractions/nameservice-strict>
 
-  signal (receive) set=(term, hup) peer=gdm*,
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  signal receive set=(term, hup) peer=gdm*,
 
   #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Datetime
 
@@ -34,6 +41,8 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
 
   owner @{user_cache_dirs}/geocode-glib/* r,
 
+  @{run}/systemd/sessions/@{int} r,
+  @{run}/systemd/users/@{uid} r,
   owner @{PROC}/@{pid}/fdinfo/@{int} r,
   owner @{PROC}/@{pid}/stat r,