diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue
index 38313fc5..74ded345 100644
--- a/apparmor.d/groups/freedesktop/geoclue
+++ b/apparmor.d/groups/freedesktop/geoclue
@@ -77,6 +77,7 @@ profile geoclue @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/journal/socket rw,
 @{PROC}/@{pids}/cgroup r,
+ @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
 include if exists
 }
diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire
index 2b5894ff..87459d83 100644
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@@ -75,7 +75,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
 @{sys}/class/ r,
 @{sys}/devices/**/device:*/**/path r,
 @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{idVendor,idProduct,removable,uevent} r,
- @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
+ @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name,bios_vendor} r,
 /dev/media[0-9]* rw,
diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy
index 5f7aeec1..38cb02d2 100644
--- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy
+++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy
@@ -13,7 +13,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
- owner @{run}/firejail/dbus/[0-9]*/[0-9]*-user rw,
+ owner @{run}/firejail/dbus/[0-9]*/[0-9]*-{system,user} rw,
 owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-[0-9A-Z]* rw,
 owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-[0-9A-Z]* rw,
 owner @{run}/user/@{uid}/webkitgtk/bus-proxy-[0-9A-Z]* rw,
diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory
index a3ca557c..23ccc75d 100644
--- a/apparmor.d/groups/gnome/evolution-addressbook-factory
+++ b/apparmor.d/groups/gnome/evolution-addressbook-factory
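Review bot: The brace expansion in the added geoclue rule `@{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,` is a cross product, so it also grants the two paths `ipv4/conf/all/disable_ipv6` and `ipv6/conf/all/disable_ipv4`, which the kernel never exposes. That is harmless, but it reads as if four files existed; writing the pair out as `@{PROC}/sys/net/ipv4/conf/all/disable_ipv4 r,` and `@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,` keeps the rule literal and greppable. The same shape is added in gvfsd-http, gnome-shell, netstat and systemd-resolved in this commit, so whichever form is chosen should be applied to all five.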
@@ -33,11 +33,8 @@ profile evolution-addressbook-factory @{exec_path} { dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager - member={CheckPermissions,StateChanged}, - - dbus receive bus=system path=/org/freedesktop/NetworkManager - interface=org.freedesktop.DBus.Properties - member=PropertiesChanged, + member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved} + peer=(name=:*, label=NetworkManager), @{exec_path} mr, @{exec_path}-subprocess rix, diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index a830e274..0a6f3e32 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -29,7 +29,8 @@ profile evolution-calendar-factory @{exec_path} { dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager - member={CheckPermissions,StateChanged}, + member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved} + peer=(name=:*, label=NetworkManager), dbus (send,receive) bus=session path=/org/gnome/evolution/dataserver{,/**} interface={org.freedesktop.DBus.{Introspectable,ObjectManager,Properties},org.gnome.evolution.dataserver.*}, diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 9c25df5e..b128ece4 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -21,6 +21,10 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, + dbus (receive) bus=session path=/org/gnome/evolution/dataserver{,/**} + interface=org.freedesktop.DBus.Introspectable + peer=(name=:*, label=gnome-shell), + @{exec_path} mr, /usr/share/glib-2.0/schemas/gschemas.compiled r, 
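Review bot: The receive rule for `interface=org.freedesktop.DBus.Properties member=PropertiesChanged` from NetworkManager is dropped outright rather than folded into the rewritten rule, whose interface is `org.freedesktop.NetworkManager`; if evolution-addressbook-factory still subscribes to NetworkManager property changes, those signals will now be denied and logged. The sibling evolution-calendar-factory hunk in this commit gets the same member list and peer but never had a PropertiesChanged rule, so the removal may be a deliberate alignment — it is worth confirming from the audit log rather than by symmetry. Narrowing the peer to `peer=(name=:*, label=NetworkManager)` is a good tightening; if the PropertiesChanged receive is still needed it should carry the same peer constraint. The profile continues outside this hunk.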
diff --git a/apparmor.d/groups/gnome/gnome-contacts-search-provider b/apparmor.d/groups/gnome/gnome-contacts-search-provider index 5bae8671..d836678e 100644 --- a/apparmor.d/groups/gnome/gnome-contacts-search-provider +++ b/apparmor.d/groups/gnome/gnome-contacts-search-provider @@ -22,8 +22,9 @@ profile gnome-contacts-search-provider @{exec_path} { /var/lib/flatpak/exports/share/mime/mime.cache r, + owner @{user_share_dirs}/folks/{,**/} rw, + owner @{user_share_dirs}/folks/relationships.ini rw, owner @{user_share_dirs}/mime/mime.cache r, - owner @{user_share_dirs}/folks/relationships.ini r, owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 01fa2513..8c8e00ec 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -505,11 +505,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r, /usr/share/libinput*/libinput/ r, /usr/share/libwacom/{,*.stylus,*.tablet} r, + /usr/share/pipewire/client.conf r, /usr/share/plymouth/*.png r, /usr/share/wallpapers/** r, /usr/share/wayland-sessions/{,*.desktop} r, /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, - /usr/share/gnome-packagekit/icons/hicolor/{,**} r, # freedesktop.org-strict /usr/share/*ubuntu/applications/{,**} r, @@ -518,6 +518,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /.flatpak-info r, /etc/fstab r, /etc/udev/hwdb.bin r, + /etc/pipewire/client.conf.d/{,**} r, /etc/xdg/menus/gnome-applications.menu r, /var/lib/gdm{3,}/.cache/ w, 
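Review bot: In the gnome-contacts-search-provider hunk, `owner @{user_share_dirs}/folks/relationships.ini` goes from `r` to `rw` and the whole `folks/` tree gains `rw`, which lets a search provider modify the user's contact relationship store rather than only query it. Nothing in the hunk records which operation needs the write, so the next cleanup pass cannot tell whether `w` is still required; a one-line comment above the two rules naming the observed denial (for example `# folks backend writes relationships.ini, see audit log`) would preserve that. If only the file is rewritten, `owner @{user_share_dirs}/folks/{,**/} rw,` could be reduced to `r` on the directory and `w` on the file.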
@@ -637,11 +638,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r, - owner @{PROC}/@{pid}/comm r, - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/mountinfo r, - owner @{PROC}/@{pid}/mounts r, - owner @{PROC}/@{pid}/task/@{pid}/cmdline r, @{PROC}/ r, @{PROC}/@{pid}/attr/current r, @{PROC}/@{pid}/cgroup r, @@ -652,6 +648,12 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{PROC}/1/cgroup r, @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, + @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r, + owner @{PROC}/@{pid}/comm r, + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/mountinfo r, + owner @{PROC}/@{pid}/mounts r, + owner @{PROC}/@{pid}/task/@{pid}/cmdline r, /dev/input/event[0-9]* rw, /dev/media[0-9]* rw, diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 0d59c21f..191832c1 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -15,6 +15,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { include include include + include include include include diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 89d1147d..f7e68314 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -99,6 +99,7 @@ profile tracker-extract @{exec_path} { owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/tracker3/ w, owner @{user_cache_dirs}/tracker3/files/{,**} rwk, + owner @{user_share_dirs}/gvfs-metadata/** r, owner /tmp/tracker-extract-3-files.*/{,*} rw, @@ -116,8 +117,6 @@ profile tracker-extract @{exec_path} { /dev/dri/renderD128 rw, /dev/media[0-9]* r, /dev/video[0-9]* rw, - - deny owner @{user_share_dirs}/gvfs-metadata/** r, # file_inherit owner /dev/tty[0-9]* rw, 
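Review bot: In the tracker-extract hunks, the explicit `deny owner @{user_share_dirs}/gvfs-metadata/** r,` is replaced by an allow, so the extractor now reads the user's gvfs metadata database instead of silently refusing the file descriptors it inherits. The journalctl hunk in this same commit keeps `deny @{user_share_dirs}/gvfs-metadata/* r,` as a file-inherit silencer, which suggests the original intent here was the same and that the new allow is broader than the observed denial needs. If the extractor genuinely needs the metadata, a comment next to the new rule recording why would stop a later cleanup from re-denying it; otherwise the deny should stay. The tracker-extract profile continues outside both hunks.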
diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index cfd36baf..1e356fe5 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -105,8 +105,9 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { owner @{MOUNTS}/{,**} r, owner /tmp/*/{,**} r, - owner @{user_config_dirs}/tracker3/{,**} rwk, + owner @{user_cache_dirs}/tracker3/ rw, owner @{user_cache_dirs}/tracker3/files/{,**} rwk, + owner @{user_config_dirs}/tracker3/{,**} rwk, @{run}/blkid/blkid.tab r, @{run}/mount/utab r, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index f59eda04..ccd169e7 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{libexec}/{,gvfs}/gvfs-afc-volume-monitor +@{exec_path} = @{libexec}/{,gvfs/}gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index f5b03db8..6d1eeab0 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http @@ -26,5 +26,7 @@ profile gvfsd-http @{exec_path} { owner @{run}/user/@{uid}/gvfsd/socket-* rw, + @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r, + include if exists } diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index d756c784..83820a64 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager 
@@ -109,14 +109,14 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { / r, /etc/ r, + /etc/iproute2/* r, /etc/machine-id r, - @{etc_rw}/resolv.conf rw, - @{etc_rw}/resolv.conf.[0-9A-Z]* rw, /etc/network/interfaces r, /etc/network/interfaces.d/{,*} r, - /etc/NetworkManager/{,**} r, /etc/NetworkManager/system-connections/{,**} w, + @{etc_rw}/resolv.conf rw, + @{etc_rw}/resolv.conf.[0-9A-Z]* rw, /var/lib/iwd/*open* rw, /var/lib/NetworkManager/{,**} rw, @@ -129,6 +129,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { @{run}/network/ifstate r, @{run}/NetworkManager/{,**} rw, + @{run}/nm-*.pid rw, @{run}/nscd/db* rwl, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/pacman/pacman-conf b/apparmor.d/groups/pacman/pacman-conf index f99affdd..3c69b9b7 100644 --- a/apparmor.d/groups/pacman/pacman-conf +++ b/apparmor.d/groups/pacman/pacman-conf @@ -17,6 +17,9 @@ profile pacman-conf @{exec_path} flags=(attach_disconnected) { /etc/pacman.d/mirrorlist r, /etc/pacman.d/*-mirrorlist r, + # Inherit Silencer + deny network inet6 stream, + deny network inet stream, deny /apparmor/.null rw, include if exists diff --git a/apparmor.d/groups/pacman/pacman-hook-dkms b/apparmor.d/groups/pacman/pacman-hook-dkms index 4bc084b5..8c08ea49 100644 --- a/apparmor.d/groups/pacman/pacman-hook-dkms +++ b/apparmor.d/groups/pacman/pacman-hook-dkms @@ -32,6 +32,7 @@ profile pacman-hook-dkms @{exec_path} { # Inherit Silencer deny network inet6 stream, deny network inet stream, + deny /apparmor/.null rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh index 29daf175..259e678e 100644 --- a/apparmor.d/groups/ssh/ssh +++ b/apparmor.d/groups/ssh/ssh @@ -41,5 +41,7 @@ profile ssh @{exec_path} { owner @{run}/user/@{uid}/keyring/ssh rw, + owner @{PROC}/@{pid}/loginuid r, + include if exists } 
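Review bot: In the NetworkManager hunk the read rule `/etc/NetworkManager/{,**} r,` is removed while the write-only `/etc/NetworkManager/system-connections/{,**} w,` stays, leaving no read access to NetworkManager.conf, conf.d or the connection files anywhere in this hunk. Unless an included abstraction or a rule outside the hunk grants that read, NetworkManager will be unable to load its configuration and connection profiles, which is a silent functional regression rather than a logged denial. If the read was intentionally moved elsewhere, a comment beside the write rule pointing at where it is granted would make that visible; the added `@{run}/nm-*.pid rw,` and `/etc/iproute2/* r,` look fine. The profile continues outside this hunk.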
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index 210b439c..a0d2934e 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd @@ -66,14 +66,15 @@ profile sshd @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/passwd rPx, /{usr/,}lib/openssh/sftp-server rPx, - /etc/legal r, - /etc/shells r, - /etc/default/locale r, @{etc_ro}/environment r, + @{etc_ro}/security/limits.d/{,*.conf} r, + @{etc_rw}/motd r, + /etc/default/locale r, /etc/gss/mech.d/{,*} r, /etc/issue.net r, - @{etc_rw}/motd r, - @{etc_ro}/security/limits.d/{,*.conf} r, + /etc/legal r, + /etc/machine-id r, + /etc/shells r, @{etc_ro}/ssh/sshd_config r, @{etc_ro}/ssh/sshd_config.d/{,*} r, diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl index 52724a8c..df5dba29 100644 --- a/apparmor.d/groups/systemd/journalctl +++ b/apparmor.d/groups/systemd/journalctl @@ -49,6 +49,8 @@ profile journalctl @{exec_path} flags=(attach_disconnected) { deny @{user_share_dirs}/gvfs-metadata/* r, deny /apparmor/.null rw, + deny network inet stream, + deny network inet6 stream, include if exists } diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl index aed5eda2..b3e7ca25 100644 --- a/apparmor.d/groups/systemd/loginctl +++ b/apparmor.d/groups/systemd/loginctl @@ -12,14 +12,8 @@ profile loginctl @{exec_path} { include include - capability sys_resource, capability net_admin, - - @{exec_path} mr, - - /{usr/,}bin/less rPx -> child-pager, - /{usr/,}bin/more rPx -> child-pager, - /{usr/,}bin/pager rPx -> child-pager, + capability sys_resource, dbus (send) bus=system path=/org/freedesktop/login[0-9]* interface=org.freedesktop.login[0-9]*.Manager 
@@ -31,5 +25,11 @@ profile loginctl @{exec_path} { member={Get,GetAll} peer=(name=org.freedesktop.login[0-9]*, label=systemd-logind), + @{exec_path} mr, + + /{usr/,}bin/less rPx -> child-pager, + /{usr/,}bin/more rPx -> child-pager, + /{usr/,}bin/pager rPx -> child-pager, + include if exists } diff --git a/apparmor.d/groups/systemd/systemd-coredump b/apparmor.d/groups/systemd/systemd-coredump index 84f369ae..29033667 100644 --- a/apparmor.d/groups/systemd/systemd-coredump +++ b/apparmor.d/groups/systemd/systemd-coredump @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/systemd/systemd-coredump -profile systemd-coredump @{exec_path} flags=(attach_disconnected) { +profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include include diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index 89d7d846..b0bf2dba 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -49,12 +49,9 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { @{run}/systemd/notify rw, @{run}/udev/data/+dmi:id r, - @{sys}/devices/virtual/dmi/id/bios_vendor r, - @{sys}/devices/virtual/dmi/id/bios_version r, - @{sys}/devices/virtual/dmi/id/board_vendor r, - @{sys}/devices/virtual/dmi/id/chassis_type r, - @{sys}/devices/virtual/dmi/id/product_name r, - @{sys}/devices/virtual/dmi/id/product_version r, + @{sys}/devices/virtual/dmi/id/ r, + @{sys}/devices/virtual/dmi/id/{bios_vendor,bios_version,board_vendor,bios_date} r, + @{sys}/devices/virtual/dmi/id/{product_name,product_version,chassis_type} r, @{sys}/devices/virtual/dmi/id/sys_vendor r, @{sys}/devices/virtual/dmi/id/uevent r, @{sys}/firmware/dmi/entries/*/raw r, diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd index d97be763..962cc18f 100644 --- a/apparmor.d/groups/systemd/systemd-networkd 
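Review bot: The systemd-coredump hunk adds `mediate_deleted` to the profile flags without a comment, and since the flag changes how rules apply to files that have been unlinked, the reason is not obvious from the rule set. A short note above the profile line, such as `# mediate_deleted: rules must also match unlinked paths (presumably the crashed executable) — confirm against the audit log`, would let the next reader judge whether the flag is still needed rather than keep it by inertia. The profile body continues outside the hunk.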
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -72,6 +72,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
 @{run}/udev/data/n[0-9]* r,
 @{sys}/devices/**/net/** r,
+ @{sys}/devices/pci[0-9]*/**/ r,
 @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
 @{sys}/devices/virtual/dmi/id/product_name r,
diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved
index b203181f..d496317a 100644
--- a/apparmor.d/groups/systemd/systemd-resolved
+++ b/apparmor.d/groups/systemd/systemd-resolved
@@ -56,7 +56,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
 owner @{run}/systemd/journal/socket w,
 @{PROC}/sys/kernel/hostname r,
- @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
+ @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
 include if exists
 }
diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf
index d6a105b7..07bfcfd6 100644
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
@@ -26,6 +26,7 @@ profile subiquity-console-conf @{exec_path} {
 /{usr/,}bin/{,da,ba}sh rix,
 /{usr/,}bin/cat rix,
 /{usr/,}bin/grep rix,
+ /{usr/,}bin/ip rix,
 /{usr/,}bin/mkdir rix,
 /{usr/,}bin/mv rix,
 /{usr/,}bin/sleep rix,
diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier
index eb11b24f..1d6fdc79 100644
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
@@ -20,8 +20,13 @@ profile update-notifier @{exec_path} { include include - dbus receive bus=session path=/org/ayatana/NotificationItem/* - member={GetLayout,GetGroupProperties,GetAll,AboutToShow}, + dbus receive bus=session path=/org/ayatana/NotificationItem{,/**} + interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties} + peer=(name=:*, label=gnome-shell), + + dbus (send) bus=accessibility path=/org/a11y/atspi/registry{,/**} + interface=org.a11y.atspi.DeviceEventController + peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd), @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index 8db82f61..8ecaffc2 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -21,9 +21,7 @@ profile aa-log @{exec_path} { /var/log/audit/* r, /{run,var}/log/journal/ r, - /{run,var}/log/journal/@{hex}/ r, - /{run,var}/log/journal/@{hex}/system*.journal r, - /{run,var}/log/journal/@{hex}/user*.journal r, + /{run,var}/log/journal/@{hex}/{,*} r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index b275038b..5a48337c 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -117,10 +117,14 @@ profile dkms @{exec_path} flags=(attach_disconnected) { /etc/depmod.d/{,*} r, /{usr/,}lib/modules/*/modules.* rw, - /var/lib/dkms/**/module/*.ko r, + /var/lib/dkms/**/module/*.ko* r, owner /boot/System.map-* r, + # Inherit silencer + deny /apparmor/.null rw, + + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index 553d236d..4bceb1b2 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper @@ -21,6 +21,8 @@ profile downloadhelper @{exec_path} { @{exec_path} mr, + /{usr/,}bin/ffmpeg rix, + /opt/ r, /opt/net.downloadhelper.coapp/ r, /opt/net.downloadhelper.coapp/bin/ r, 
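Review bot: In the downloadhelper hunk, `/{usr/,}bin/ffmpeg rix,` runs ffmpeg inheriting the downloadhelper profile, so a decoder that parses untrusted media downloaded from the web gets every permission the helper itself holds. If the tree already carries a dedicated ffmpeg profile, `/{usr/,}bin/ffmpeg rPx,` would confine it on its own; otherwise a child profile with only the media paths it needs would be the usual way to keep a crash in the decoder from exposing the helper's wider access. A comment stating which transcoding step needs ffmpeg would also help justify the rule.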
diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index ec120d25..f7e1c9ec 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -53,8 +53,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { member=GetAll, dbus receive bus=system path=/ - interface=org.freedesktop.fwupd - member=Changed, + interface=org.freedesktop.fwupd, dbus receive bus=system path=/ interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/profiles-m-r/netcap b/apparmor.d/profiles-m-r/netcap index 024b21c7..473f2dc8 100644 --- a/apparmor.d/profiles-m-r/netcap +++ b/apparmor.d/profiles-m-r/netcap @@ -23,13 +23,14 @@ profile netcap @{exec_path} { @{exec_path} mr, @{PROC}/ r, - @{PROC}/@{pids}/stat r, - @{PROC}/@{pids}/fd/ r, + @{PROC}/@{pid}/net/dev r, + @{PROC}/@{pid}/net/packet r, + @{PROC}/@{pid}/net/raw{,6} r, @{PROC}/@{pid}/net/tcp{,6} r, @{PROC}/@{pid}/net/udp{,6} r, - @{PROC}/@{pid}/net/raw{,6} r, - @{PROC}/@{pid}/net/packet r, - @{PROC}/@{pid}/net/dev r, + @{PROC}/@{pid}/net/udplite{,6} r, + @{PROC}/@{pids}/fd/ r, + @{PROC}/@{pids}/stat r, include if exists } diff --git a/apparmor.d/profiles-m-r/netstat b/apparmor.d/profiles-m-r/netstat index a65591fb..9610a421 100644 --- a/apparmor.d/profiles-m-r/netstat +++ b/apparmor.d/profiles-m-r/netstat @@ -42,7 +42,7 @@ profile netstat @{exec_path} { @{PROC}/@{pids}/net/unix r, @{PROC}/net r, @{PROC}/net/* r, - @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, + @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r, owner @{PROC}/@{pid}/attr/current r, include if exists diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 0599faf6..c7c6303b 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd 
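Review bot: Dropping `member=Changed` turns the fwupd receive rule into `dbus receive bus=system path=/ interface=org.freedesktop.fwupd,`, which now accepts every method call and signal on the fwupd interface, and the rule carries no `peer=` constraint, so any bus client may invoke it. Since fwupd is a privileged daemon that writes firmware, the rule should at least name the members that triggered the denial, or constrain the caller with `peer=(label=...)` using the client profile's label, rather than open the whole interface to all peers. The profile is in complain mode per the hunk header, so this widening will not have surfaced as a functional problem during testing.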
@@ -52,7 +52,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.DBus.Properties - member=GetAll + member={GetAll,PropertiesChanged} peer=(name=:*, label=NetworkManager), dbus receive bus=system path=/org/freedesktop/NetworkManager diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 1f66cdc6..600f492d 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -131,7 +131,8 @@ profile run-parts @{exec_path} { /{usr/,}bin/sort rix, /{usr/,}bin/tr rix, /{usr/,}bin/uname rix, - + + /{usr/,}bin/snap rPx, /{usr/,}lib/ubuntu-release-upgrader/release-upgrade-motd rPx, /{usr/,}lib/update-notifier/update-motd-fsck-at-reboot rPx, /{usr/,}lib/update-notifier/update-motd-reboot-required rix, diff --git a/apparmor.d/profiles-s-z/sbctl b/apparmor.d/profiles-s-z/sbctl index 530e1d90..e2ecd42f 100644 --- a/apparmor.d/profiles-s-z/sbctl +++ b/apparmor.d/profiles-s-z/sbctl @@ -32,5 +32,9 @@ profile sbctl @{exec_path} { @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, + # File Inherit + deny network inet stream, + deny network inet6 stream, + include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index e9107a57..b6c9db2f 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -89,6 +89,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c4[0-9]*:[0-9]* r, @{run}/udev/data/c5[0-9]*:[0-9]* r, + @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/pci[0-9]*/**/drm/ r, @{sys}/devices/virtual/drm/ttm/uevent r, diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index a93b53d3..c457e8cb 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant 
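Review bot: In the packagekitd hunk, `PropertiesChanged` is a signal that NetworkManager emits and packagekitd receives, so adding it to the `dbus send ... interface=org.freedesktop.DBus.Properties` rule most likely does not cover the denial that was observed; the matching rule would be a receive, `dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer=(name=:*, label=NetworkManager),`. The existing `dbus receive bus=system path=/org/freedesktop/NetworkManager` rule at the bottom of the hunk continues outside it and may already be the right place for that member. Checking the audit entry for its direction (send vs receive) before merging would settle it.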
@@ -50,9 +50,10 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]/name r,
- @{PROC}/sys/net/ipv[4,6]/conf/wlan[0-9]/drop_* rw,
- @{PROC}/sys/net/ipv[4,6]/conf/wlo*/drop_* rw,
- @{PROC}/sys/net/ipv[4,6]/conf/wlp*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/p2p*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlan*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlo*/drop_* rw,
+ @{PROC}/sys/net/ipv{4,6}/conf/wlp*/drop_* rw,
 /dev/rfkill rw,