diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index 8e6d80f9..639b7a14 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop @@ -14,7 +14,7 @@ include @{exec_path} = @{bin}/gio @{exec_path} += @{bin}/gio-launch-desktop @{lib}/gio-launch-desktop -@{exec_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop +@{exec_path} += @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 962897ea..2f00b527 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -59,8 +59,8 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { @{lib}/gnome-session-check-accelerated-gles-helper rix, @{lib}/gnome-session-failed rix, - @{lib}/gio-launch-desktop rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{lib}/gio-launch-desktop rCx -> open, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rCx -> open, /usr/share/dconf/profile/gdm r, /usr/share/gdm/greeter-dconf-defaults r, @@ -112,7 +112,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { @{bin}/env rix, @{sh_path} r, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop mr, @{lib}/gio-launch-desktop mr, @{lib}/** PUx, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index d39c25b2..256309ab 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
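Review bot: `@{exec_path} += @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop` narrows the old `glib-[0-9]*` glob (AppArmor's `*` matches any run of non-`/` characters) to `@{int}{.@{int},}{.@{int},}{-@{rand},}`, so a glib directory whose name does not fit that shape — for instance a suffix containing a dot or underscore, which `@{rand}` (`[0-9a-zA-Z]` only) cannot match — simply stops matching and the helper is no longer attached under this profile. The same substitution appears in the gnome-session-binary, gnome-shell, xfce-panel, exo-open, gtk-youtube-viewer, jdownloader and orage hunks and in `@{open_path}`, so one check against the directory names actually shipped by the supported distributions (`glib-2.0` does match) covers all of them. The tightening itself is a least-privilege improvement; I would only add a short comment on the `@{version}` tunable definition saying which directory names it is meant to cover, so a reported mismatch can be triaged quickly. The definition of `@{version}` lives in a later hunk of this commit, not in this one.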
@@ -184,9 +184,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{lib}/mutter-x11-frames rPx, #aa:exec polkit-agent-helper - @{sh_path} rCx -> shell, - @{lib}/gio-launch-desktop rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{sh_path} rCx -> shell, + @{lib}/gio-launch-desktop rCx -> open, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rCx -> open, # nm-openvpn-auth-dialog @{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx, @@ -409,7 +409,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { network inet stream, network unix stream, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop mr, @{lib}/gio-launch-desktop mr, @{lib}/** PUx, diff --git a/apparmor.d/groups/xfce/xfce-panel b/apparmor.d/groups/xfce/xfce-panel index 44c9be03..44f237f4 100644 --- a/apparmor.d/groups/xfce/xfce-panel +++ b/apparmor.d/groups/xfce/xfce-panel @@ -20,7 +20,7 @@ profile xfce-panel @{exec_path} { @{bin}/exo-open rix, @{bin}/xfce4-mime-helper rix, @{lib}/{,@{multiarch}/}xfce4/panel/wrapper-2.0 rix, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rix, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rix, @{lib}/gio-launch-desktop rix, @{bin}/sudo rCx -> root, diff --git a/apparmor.d/profiles-a-f/exo-open b/apparmor.d/profiles-a-f/exo-open index 7d265e56..04d5f8b3 100644 --- a/apparmor.d/profiles-a-f/exo-open +++ b/apparmor.d/profiles-a-f/exo-open @@ -19,10 +19,10 @@ profile exo-open @{exec_path} { @{exec_path} mr, - @{lib}/@{multiarch}/xfce4/exo-[0-9]/exo-helper-[0-9] rPx, + @{lib}/@{multiarch}/xfce4/exo-@{version}/exo-helper-@{version} rPx, # It looks like gio-launch-desktop decides what app should be opened - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rPx, owner @{PROC}/@{pid}/fd/ r, 
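Review bot: In exo-open, `@{lib}/@{multiarch}/xfce4/exo-@{version}/exo-helper-@{version} rPx,` widens the previous `exo-[0-9]/exo-helper-[0-9]`, which matched exactly one digit, to full `@{version}` patterns (up to ten-digit integers, dotted components and an optional `-` alphanumeric suffix) in both path components. Unlike the glib replacements in the other hunks this broadens, rather than narrows, the set of executables that may transition to the exo-helper profile; it stays confined to `xfce4/` under `@{lib}/@{multiarch}`, so it is likely acceptable, but it deserves a mention in the commit message, and if only a major version is expected there, `exo-@{int}/exo-helper-@{int}` would keep the original scope. The enclosing exo-open profile block starts and ends outside the hunk.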
diff --git a/apparmor.d/profiles-g-l/gsmartcontrol b/apparmor.d/profiles-g-l/gsmartcontrol index f6f6b300..ec3dcff9 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol +++ b/apparmor.d/profiles-g-l/gsmartcontrol @@ -63,7 +63,7 @@ profile gsmartcontrol @{exec_path} { # The Help menu (and links in it) requires access to a web browser. Since gsmartcontrol is run as # root (even when used sudo or gsmartcontrol-root), the web browser will also be run as root and # hence this behavior should be blocked. - deny @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rx, + deny @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rx, profile dbus { diff --git a/apparmor.d/profiles-g-l/gtk-youtube-viewer b/apparmor.d/profiles-g-l/gtk-youtube-viewer index 96b11446..9d2bc322 100644 --- a/apparmor.d/profiles-g-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-g-l/gtk-youtube-viewer @@ -40,8 +40,8 @@ profile gtk-youtube-viewer @{exec_path} { @{lib}/firefox/firefox rPx, - @{bin}/xdg-open rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{bin}/xdg-open rCx -> open, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rCx -> open, owner @{user_config_dirs}/youtube-viewer/{,*} rw, diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index 424074da..9dc2ed22 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -95,7 +95,7 @@ profile jdownloader @{exec_path} { # To open a web browser for CAPTCHA @{bin}/xdg-open rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rCx -> open, profile open { @@ -103,7 +103,7 @@ profile jdownloader @{exec_path} { include @{bin}/xdg-open mr, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop mr, @{sh_path} rix, @{bin}/{m,g,}awk rix, 
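Review bot: For `deny @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rx,` in gsmartcontrol the narrowing works in the opposite direction from the allow rules elsewhere in this commit: a deny that matches fewer paths suppresses fewer accesses, so a glib directory name that fit `glib-[0-9]*` but not `@{version}` is no longer explicitly denied. The comment above the rule explains that the browser launch must be blocked because gsmartcontrol runs as root, and that intent argues for keeping the deny at least as broad as whatever allow rule could otherwise reach the helper; if this profile only grants the helper through the same `@{version}` pattern the change is consistent, but if a wider rule such as `@{lib}/**` or `@{open_path}` is reachable, the broader `glib-[0-9]*` deny is the safer form since explicit deny rules take precedence over allow rules. Only the one rule line is visible; the rest of the profile is outside the hunk.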
diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index 571532b4..39e96058 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -23,7 +23,7 @@ profile orage @{exec_path} { @{bin}/xdg-open rCx -> open, @{bin}/exo-open rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop rCx -> open, owner @{user_config_dirs}/orage/ rw, owner @{user_config_dirs}/orage/* rw, diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths index 69ca70ef..a98f28ae 100644 --- a/apparmor.d/tunables/multiarch.d/paths +++ b/apparmor.d/tunables/multiarch.d/paths @@ -33,7 +33,7 @@ # Open @{open_path} = @{bin}/exo-open @{bin}/xdg-open @{bin}/gio @{bin}/kde-open @{open_path} += @{bin}/gio-launch-desktop @{lib}/gio-launch-desktop -@{open_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop +@{open_path} += @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop # File explorers @{file_explorers_path} = @{bin}/@{file_explorers_names} diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index aaebe5ed..b2e1a3b0 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -61,6 +61,9 @@ @{user}=[a-zA-Z_]{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},} @{group}=@{user} +# Semantic version +@{version}=@{int}{.@{int},}{.@{int},}{-@{rand},} + # Shortcut for PCI device @{pci_id}=@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h} @{pci_bus}=pci@{h}@{h}@{h}@{h}:@{h}@{h} diff --git a/docs/variables.md b/docs/variables.md index b45df411..6104e503 100644 --- a/docs/variables.md +++ b/docs/variables.md 
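Review bot: The new `@{version}=@{int}{.@{int},}{.@{int},}{-@{rand},}` definition references `@{rand}` and `@{int}`, neither of which is defined in this hunk; the Go side of this commit adds `c` and `rand` to DefaultTunables, so presumably `@{rand}` and `@{c}` already exist in this tunables file — worth confirming, since an undefined variable here breaks every profile that now uses `@{version}`. The `# Semantic version` comment undersells the restriction: the optional suffix is limited to `@{rand}`, i.e. up to ten characters from `[0-9a-zA-Z]`, so a pre-release such as `-beta.1` or `-rc_2` does not match; suggest `# Semantic version: MAJOR[.MINOR[.PATCH]][-SUFFIX], SUFFIX alphanumeric only (see @{rand})`. docs/variables.md is updated for `@{open_path}` in this commit but gains no row for `@{version}` (nor for `@{rand}`/`@{c}` if those are new), so the variables table should get one.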
@@ -135,5 +135,5 @@ title: Variables References
 | Shells path | `@{shells_path}` | `@{bin}/@{shells}` |
 | Coreutils programs that should not have dedicated profile | `@{coreutils}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L46) |
 | Coreutils paths | `@{coreutils_path}` | `@{bin}/@{coreutils}` |
-| Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop`
+| Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-@{version}/gio-launch-desktop @{lib}/gio-launch-desktop`
 | All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11)
diff --git a/pkg/aa/apparmor.go b/pkg/aa/apparmor.go
index 75c009c8..ad391598 100644
--- a/pkg/aa/apparmor.go
+++ b/pkg/aa/apparmor.go
@@ -33,6 +33,7 @@ func DefaultTunables() *AppArmorProfileFile {
 	return &AppArmorProfileFile{
 		Preamble: Rules{
 			&Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true},
+			&Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true},
 			&Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},
 			&Variable{Name: "HOME", Values: []string{"/home/*"}, Define: true},
 			&Variable{Name: "int", Values: []string{"[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}"}, Define: true},
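Review bot: `&Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true},` is added without a comment, and unlike the other entries its one-letter name does not explain itself; suggest `// Single alphanumeric character, building block for @{rand}` on that line. These DefaultTunables entries appear to mirror `apparmor.d/tunables/multiarch.d/system`, which in this commit only gains `@{version}` — if `@{c}` is new to the Go side but already present in the tunables file that is fine, otherwise the two need to be brought into sync. DefaultTunables continues past the end of this hunk.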
@@ -40,11 +41,13 @@ func DefaultTunables() *AppArmorProfileFile {
 			&Variable{Name: "lib", Values: []string{"/{,usr/}lib{,exec,32,64}"}, Define: true},
 			&Variable{Name: "MOUNTS", Values: []string{"/media/*/", "/run/media/*/*/", "/mnt/*/"}, Define: true},
 			&Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true},
+			&Variable{Name: "rand", Values: []string{"@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}"}, Define: true}, // Up to 10 characters
 			&Variable{Name: "run", Values: []string{"/run/", "/var/run/"}, Define: true},
 			&Variable{Name: "uid", Values: []string{"{[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}"}, Define: true},
 			&Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true},
 			&Variable{Name: "user_config_dirs", Values: []string{"/home/*/.config"}, Define: true},
 			&Variable{Name: "user_share_dirs", Values: []string{"/home/*/.local/share"}, Define: true},
+			&Variable{Name: "version", Values: []string{"@{int}{.@{int},}{.@{int},}{-@{rand},}"}, Define: true},
 		},
 	}
 }
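Review bot: The `version` entry `"@{int}{.@{int},}{.@{int},}{-@{rand},}"` carries no comment although `rand` in the same hunk has `// Up to 10 characters`; the pattern's limits (each component an `@{int}` of up to ten digits, the optional `-` suffix restricted to `@{rand}`'s alphanumerics, so dotted or underscored pre-release tags do not match) are exactly what a maintainer needs when a path fails to match, so suggest `// Semantic version: MAJOR[.MINOR[.PATCH]][-SUFFIX]; SUFFIX is @{rand}, alphanumeric only`. The value duplicates the definition added to `apparmor.d/tunables/multiarch.d/system` in this commit; a one-line comment on DefaultTunables naming that file as the source of truth would help keep the two from drifting. DefaultTunables starts before this hunk.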