diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index 45dd3204..e8aed94d 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -77,6 +77,8 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/dbus-1/{,**} r, @{user_share_dirs}/icc/{,edid-*} r, + owner /tmp/dbus-@{rand10} rw, + owner @{run}/user/@{uid}/dbus-1/ rw, owner @{run}/user/@{uid}/dbus-1/services/ rw, @{run}/systemd/inhibit/[0-9]*.ref rw, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 4d107542..3d592218 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -13,7 +13,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { capability sys_nice, capability sys_resource, -# capability sys_admin, + capability sys_admin, + + mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/, ptrace (read) peer=xdg-desktop-portal, @@ -78,12 +80,12 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { / r, /etc/flatpak/remotes.d/{,*} r, + /var/lib/flatpak/{,**} rw, + owner @{user_cache_dirs}/flatpak/{,**} r, owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_share_dirs}/flatpak/{,**} r, - /var/lib/flatpak/{,**} rw, - @{PROC}/sys/kernel/random/boot_id r, /dev/tty rw, 
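Review bot: The new `owner /tmp/dbus-@{rand10} rw,` line carries no comment saying what the path is, and sitting between the user_share_dirs rules and the `@{run}/user/@{uid}/dbus-1/` rules it reads like a data file rather than a socket. If it is the session-bus listen socket produced by a `unix:tmpdir=/tmp` address (the random suffix suggests that, but confirm against the denial that motivated the rule), say so: `# Session bus socket when the bus listens on unix:tmpdir=/tmp`. The profile body continues outside the hunk, so I cannot see whether a broader `/tmp/dbus-*` rule already exists elsewhere in the file.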
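Review bot: `capability sys_admin,` is switched on for the main xdg-document-portal profile with no comment justifying it, while the child block in the third xdg-document-portal hunk already carries `sys_admin` together with the mount rules; if the portal now performs the `fuse.portal` mount itself instead of delegating to the child, that belongs next to the capability, e.g. `# Mounts the fuse.portal fs directly (see mount rule below), hence sys_admin`. A process that mounts a FUSE filesystem itself also opens `/dev/fuse` and unmounts at shutdown, yet the hunk adds only the mount rule, so unless `/dev/fuse rw,` and `umount @{run}/user/@{uid}/doc/,` already exist in the main profile outside this hunk both will surface as denials. The profile body continues past the hunk, so this is inferred from the visible lines rather than confirmed.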
@@ -98,25 +100,22 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { capability sys_admin, capability dac_read_search, - unix (send receive) type=stream peer=(label=xdg-document-portal), - - # network inet stream, - # network inet6 stream, - - @{bin}/fusermount{,3} mr, - - /etc/fuse{,3}.conf r, - mount options=(rw, rprivate) -> /, mount options=(rw, rbind) @{run}/user/@{uid}/ -> /, mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/, umount @{run}/user/@{uid}/doc/, - - @{PROC}/@{pids}/mounts r, + + unix (send receive) type=stream peer=(label=xdg-document-portal), + + @{bin}/fusermount{,3} mr, + + /etc/fuse{,3}.conf r, owner @{run}/user/@{uid}/doc/ rw, + @{PROC}/@{pids}/mounts r, + /dev/fuse rw, include if exists diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp index fc6ca30e..500e1070 100644 --- a/apparmor.d/groups/freedesktop/xkbcomp +++ b/apparmor.d/groups/freedesktop/xkbcomp @@ -31,6 +31,8 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.local/share/xorg/Xorg.@{int}.log w, owner /var/log/lightdm/x-@{int}.log w, + owner @{run}/user/@{uid}/server-@{int}.xkm rwk, + owner /tmp/server-@{int}.xkm rwk, /dev/dri/card@{int} rw, diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 82df7245..3b265384 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -38,6 +38,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { owner /tmp/server-@{int}.xkm rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, + owner @{run}/user/@{uid}/server-@{int}.xkm rw, owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw, @{sys}/bus/pci/devices/ r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 0e74c2a4..499bdf1a 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
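Review bot: The new `owner @{run}/user/@{uid}/server-@{int}.xkm rw,` in xwayland grants no lock permission, while the existing `owner /tmp/server-@{int}.xkm rwk,` two lines above it — and the same pair added to xkbcomp in the previous hunk — carry `k`. If Xwayland locks the compiled keymap at the `/tmp` location (which is what the existing `k` implies), the `@{run}` variant almost certainly needs it too, i.e. `owner @{run}/user/@{uid}/server-@{int}.xkm rwk,`; confirm against the audit log before assuming `rw` is enough. The xwayland profile body continues outside the hunk.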
@@ -581,7 +581,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
 owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
 owner @{run}/user/@{uid}/systemd/notify rw,
- owner @{run}/user/@{uid}/wayland-@{int} rwk,
+ owner @{run}/user/@{uid}/wayland-@{int}.lock rwk,
 owner /dev/shm/.org.chromium.Chromium.* rw,
 owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor
index 04233aa5..0e810716 100644
--- a/apparmor.d/groups/gnome/gnome-system-monitor
+++ b/apparmor.d/groups/gnome/gnome-system-monitor
@@ -44,10 +44,13 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/sessions/* r,
 @{run}/systemd/sessions/*.ref r,
- @{sys}/devices/pci[0-9]*/**/net/*/statistics/collisions r,
- @{sys}/devices/pci[0-9]*/**/net/*/statistics/rx_{bytes,errors,packets} r,
- @{sys}/devices/pci[0-9]*/**/net/*/statistics/tx_{bytes,errors,packets} r,
- @{sys}/devices/pci[0-9]*/**/virtio[0-9]*/**/stat r,
+ @{sys}/devices/@{pci}/net/*/statistics/collisions r,
+ @{sys}/devices/@{pci}/net/*/statistics/rx_{bytes,errors,packets} r,
+ @{sys}/devices/@{pci}/net/*/statistics/tx_{bytes,errors,packets} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/collisions r,
+ @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/rx_{bytes,errors,packets} r,
+ @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/tx_{bytes,errors,packets} r,
+ @{sys}/devices/@{pci}/virtio[0-9]*/**/stat r,
 @{sys}/devices/virtual/net/*/statistics/collisions r,
 @{sys}/devices/virtual/net/*/statistics/rx_{bytes,errors,packets} r,
 @{sys}/devices/virtual/net/*/statistics/tx_{bytes,errors,packets} r,
diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd
index 4ab1f848..af21d1d2 100644
--- a/apparmor.d/groups/virt/virtnodedevd
+++ b/apparmor.d/groups/virt/virtnodedevd
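Review bot: Replacing `owner @{run}/user/@{uid}/wayland-@{int} rwk,` with the `.lock` variant removes the only visible rule for the Wayland socket path itself, since `wayland-@{int}` does not match a `.lock` suffix and the new pattern does not match the bare name. If gnome-shell still binds its listening socket at `@{run}/user/@{uid}/wayland-@{int}` (AppArmor mediates bind() of a pathname socket through the file rule for that path), the profile now needs both lines: `owner @{run}/user/@{uid}/wayland-@{int} rw,` and `owner @{run}/user/@{uid}/wayland-@{int}.lock rwk,`. This only holds if no included abstraction covers the bare socket path — the profile body continues outside the hunk, so check the audit log under enforce rather than complain mode before merging.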
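Review bot: The rewrite from `pci[0-9]*/**/net/...` to `@{pci}/net/...` changes what depth of device nesting matches, and nothing in the hunk says what `@{pci}` expands to; the old pattern's `**` matched a NIC at any depth under the PCI root, whereas the new one matches only whatever `@{pci}` itself covers. If `@{pci}` does not descend through bridges, a NIC behind a PCIe bridge (one extra path component) silently stops matching and the monitor loses that interface's counters, so confirm the variable's definition and note the assumption: `# @{pci} must cover devices behind PCI bridges; see the variable definition`. The explicit `usb@{int}/**` in the new usb rules suggests the depth question was already hit for USB NICs.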
@@ -52,7 +52,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* @{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c116:[0-9]* r, # For ALSA - @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card@{int} + @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c25[0-4]:[0-9]* r, diff --git a/apparmor.d/profiles-m-r/multipath b/apparmor.d/profiles-m-r/multipath index 10c3d71b..b658ccad 100644 --- a/apparmor.d/profiles-m-r/multipath +++ b/apparmor.d/profiles-m-r/multipath @@ -16,8 +16,11 @@ profile multipath @{exec_path} { @{exec_path} mr, - /etc/multipath/bindings rwk, /etc/multipath.conf r, + /etc/multipath/bindings rwk, + /etc/systemd/system/ r, + + @{run}/systemd/system/ r, @{sys}/bus/ r, @{sys}/class/ r, diff --git a/apparmor.d/profiles-m-r/pidof b/apparmor.d/profiles-m-r/pidof index 4a3fa08a..cf4485ed 100644 --- a/apparmor.d/profiles-m-r/pidof +++ b/apparmor.d/profiles-m-r/pidof @@ -18,10 +18,14 @@ profile pidof @{exec_path} { /app/lib/libzypak-preload-host*.so rm, + @{sys}/devices/system/node/ r, + @{sys}/devices/system/node/node@{int}/meminfo r, + @{PROC}/ r, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/stat r, @{PROC}/sys/kernel/osrelease r, + @{PROC}/uptime r, owner /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-s-z/thunderbird-vaapitest b/apparmor.d/profiles-s-z/thunderbird-vaapitest index a4d340ff..aebbe30e 100644 --- a/apparmor.d/profiles-s-z/thunderbird-vaapitest +++ b/apparmor.d/profiles-s-z/thunderbird-vaapitest @@ -30,5 +30,7 @@ profile thunderbird-vaapitest @{exec_path} { owner /tmp/thunderbird/.parentlock rw, + @{sys}/devices/@{pci}/{irq,resource,revision} r, + include if exists } \ No newline at end of file diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 4fb08673..22fd04b8 100644 --- a/dists/flags/main.flags 
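Review bot: The three new pidof rules (`@{sys}/devices/system/node/`, `node@{int}/meminfo`, `@{PROC}/uptime`) have no obvious connection to finding a process by name, and without a comment the next maintainer will wonder whether they landed in the wrong profile. If they come from the procps library initialising its meminfo/uptime readers at startup rather than from pidof's own logic (my guess — confirm with the denial that prompted them), say so above the `@{sys}` group: `# Read by the procps library at startup, not by pidof itself`. The pidof profile continues outside the hunk.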
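Review bot: The thunderbird-vaapitest file still ends without a trailing newline — the `\ No newline at end of file` marker sits on the closing `}` context line, so the added rule did not fix it; add the newline while touching this file so later diffs stay clean. The new `@{sys}/devices/@{pci}/{irq,resource,revision} r,` is read-only PCI metadata, but like the other `@{pci}` uses in this commit it depends on the variable's expansion reaching the GPU's device directory, so it is worth confirming under enforce mode that the intended path actually matches.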
+++ b/dists/flags/main.flags
@@ -354,7 +354,7 @@ xdg-desktop-portal attach_disconnected,complain
 xdg-desktop-portal-gnome complain
 xdg-desktop-portal-gtk complain
 xdg-desktop-portal-kde complain
-xdg-document-portal complain
+xdg-document-portal attach_disconnected,complain
 xdg-permission-store attach_disconnected,complain
 xdg-user-dirs-gtk-update complain
 xdm-xsession complain
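Review bot: `attach_disconnected` is now declared for xdg-document-portal both here and in the profile header shown in the first xdg-document-portal hunk, which is consistent, but neither place says why the flag is needed; presumably the `fuse.portal` mount and the rprivate/rbind remounts in the child block, after which paths can be disconnected from the namespace root. With the flag set, a disconnected path is mediated as if attached at `/`, so the profile's rules rooted at `/` are what gate it — intended for the FUSE mount, but worth a comment next to the flag in the profile header: `# attach_disconnected: paths under the fuse.portal mount are disconnected after the rbind`. The two declarations should be kept in sync whenever either is changed.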