diff --git a/apparmor.d/groups/_full/systemd-user b/apparmor.d/groups/_full/systemd-user
index 1926f45d..eb94ff48 100644
--- a/apparmor.d/groups/_full/systemd-user
+++ b/apparmor.d/groups/_full/systemd-user
@@ -21,6 +21,11 @@ profile systemd-user flags=(attach_disconnected,mediate_deleted) {
 include
 include
 include
+ include
+ include
+ include
+ include
+ include
 include
 include
@@ -31,7 +36,17 @@ profile systemd-user flags=(attach_disconnected,mediate_deleted) {
 ptrace (read),
+ unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-system,
+ # dbus: own bus=session name=org.freedesktop.systemd1
+ # dbus: own bus=session name=org.freedesktop.ReserveDevice1.Audio@{int}
+ # dbus: own bus=session name=org.PulseAudio1
+ # dbus: own bus=session name=org.pulseaudio*
+
+ dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixUser peer=(name=org.freedesktop.DBus, label=dbus-daemon),
 dbus receive bus=session interface=org.freedesktop.DBus.Introspectable
diff --git a/apparmor.d/groups/pacman/mkinitcpio b/apparmor.d/groups/pacman/mkinitcpio
index 6c8c2a83..cbca3931 100644
--- a/apparmor.d/groups/pacman/mkinitcpio
+++ b/apparmor.d/groups/pacman/mkinitcpio
@@ -21,7 +21,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
 @{exec_path} rmix,
- @{bin}/{,ba}sh rix,
+ @{sh_path} rix,
 @{bin}/{m,g,}awk rix,
 @{bin}/bsdtar rix,
 @{bin}/cat rix,
diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index dd3779b2..24687a8e 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@@ -49,7 +49,7 @@ profile pacman @{exec_path} {
 @{bin}/gpgsm rCx -> gpg,
 # Pacman hooks & install scripts
- @{bin}/{,ba}sh rix,
+ @{sh_path} rix,
 @{bin}/appstreamcli rPx,
 @{bin}/arch-audit rPx,
 @{bin}/archlinux-java rPx,
diff --git a/apparmor.d/groups/systemd/busctl b/apparmor.d/groups/systemd/busctl
index d099269b..bc5ab4fc 100644
--- a/apparmor.d/groups/systemd/busctl
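Review bot: The three PulseAudio bus names added as `# dbus: own` directives in the second hunk (`org.PulseAudio1`, `org.pulseaudio*`, `org.freedesktop.ReserveDevice1.Audio@{int}`) are names a sound server claims, not ones `systemd --user` needs for itself, and granting them here lets any process that stays under the systemd-user label register as the session's audio server, with the `org.pulseaudio*` glob having no bound. If these were logged because pulseaudio (or pipewire-pulse) is started as a user service without a profile of its own, the narrower fix is a dedicated profile reached by an exec transition from systemd-user rather than widening the init process's own rules. If they have to stay, a comment naming the child that needs them would stop the next reader from taking them for systemd's own names, e.g. `# owned on behalf of pulseaudio running under this label (no dedicated profile)`. The profile body continues outside the hunk.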
+++ b/apparmor.d/groups/systemd/busctl
@@ -10,7 +10,7 @@ include
 profile busctl @{exec_path} {
 include
 include
- include
+ include
 include
 include
 include
@@ -23,6 +23,7 @@ profile busctl @{exec_path} {
 unix (bind) type=stream addr=@@{hex}/bus/busctl/busctl,
 dbus eavesdrop bus=session,
+ dbus eavesdrop bus=system,
 dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus.Monitoring
diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms
index 67e60bef..dabca542 100644
--- a/apparmor.d/profiles-a-f/dkms
+++ b/apparmor.d/profiles-a-f/dkms
@@ -24,6 +24,8 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 @{exec_path} rm,
+ @{sh_path} rix,
+ @{bin}/as rix,
 @{bin}/cat rix,
 @{bin}/cp rix,
 @{bin}/cut rix,
@@ -31,9 +33,11 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 @{bin}/diff rix,
 @{bin}/echo rix,
 @{bin}/find rix,
+ @{bin}/gcc rix,
 @{bin}/getconf rix,
 @{bin}/head rix,
 @{bin}/kmod rCx -> kmod,
+ @{bin}/ld rix,
 @{bin}/ln rix,
 @{bin}/ls rix,
 @{bin}/lsb_release rPx -> lsb_release,
@@ -42,16 +46,19 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 @{bin}/mktemp rix,
 @{bin}/mv rix,
 @{bin}/nproc rix,
+ @{bin}/objcopy rix,
+ @{bin}/pahole rix,
 @{bin}/pwd rix,
 @{bin}/readlink rix,
 @{bin}/rm rix,
 @{bin}/rmdir rix,
 @{bin}/sed rix,
+ @{bin}/sleep rix,
+ @{bin}/strip rix,
 @{bin}/uname rix,
 @{bin}/wc rix,
 @{bin}/xargs rix,
- @{bin}/{,@{multiarch}-}* rix,
- @{sh_path} rix,
+ @{bin}/zstd rix,
 @{bin}/{,e,f}grep rix,
 @{bin}/{,g,m}awk rix,
 @{bin}/update-secureboot-policy rPUx,
diff --git a/apparmor.d/profiles-g-l/install-catalog b/apparmor.d/profiles-g-l/install-catalog
index 4f0156bc..714d10a6 100644
--- a/apparmor.d/profiles-g-l/install-catalog
+++ b/apparmor.d/profiles-g-l/install-catalog
@@ -14,7 +14,7 @@ profile install-catalog @{exec_path} {
 @{exec_path} mr,
- @{bin}/{,ba}sh rix,
+ @{sh_path} rix,
 @{bin}/basename rix,
 @{bin}/grep rix,
 @{bin}/mv rix,
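Review bot: `dbus eavesdrop bus=system,` in the busctl hunk lets the profile receive every message on the system bus, far broader than the per-destination rules around it; it is what `busctl monitor`/`capture` need together with the `org.freedesktop.DBus.Monitoring` send right below it, but nothing in the profile records that. A comment would pin the intent, e.g. `# busctl monitor/capture: BecomeMonitor on the system bus`, and it is worth stating that the bus daemon's own policy (which by default lets only root call BecomeMonitor on the system bus), not this rule, is what keeps unprivileged users from sniffing bus traffic. The `dbus send` rule the hunk ends on continues outside the hunk.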
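Review bot: Dropping `@{bin}/{,@{multiarch}-}* rix,` in the last dkms hunk for an explicit list is the right direction (the old rule let dkms run every binary in `@{bin}` under its own confinement), but the replacements `@{bin}/gcc`, `@{bin}/ld`, `@{bin}/as`, `@{bin}/objcopy` and `@{bin}/strip` match only the bare names. On distributions where those are symlinks to multiarch- or version-suffixed binaries (AppArmor matches path rules against the resolved target), or where the kernel build runs `$(CROSS_COMPILE)`-prefixed tools, module builds will now be denied, and the removed rule appears to have been covering exactly that case. Consider keeping the prefix without the wildcard, e.g. `@{bin}/{,@{multiarch}-}gcc{,-[0-9]*} rix,` and the same shape for `ld`, `as`, `objcopy` and `strip`, after confirming in the audit log which names dkms actually executes. The profile body continues outside the hunk.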
diff --git a/apparmor.d/profiles-g-l/locale-gen b/apparmor.d/profiles-g-l/locale-gen
index 6108ba93..a2eb5c2d 100644
--- a/apparmor.d/profiles-g-l/locale-gen
+++ b/apparmor.d/profiles-g-l/locale-gen
@@ -17,7 +17,7 @@ profile locale-gen @{exec_path} {
 @{exec_path} mr,
- @{bin}/{,ba}sh rix,
+ @{sh_path} rix,
 @{bin}/cat rix,
 @{bin}/gzip rix,
 @{bin}/localedef rix,
diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game
index ce8d43b8..f363811d 100644
--- a/apparmor.d/profiles-s-z/steam-game
+++ b/apparmor.d/profiles-s-z/steam-game
@@ -115,7 +115,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
 / r,
 /{usr/,}{local/,} r,
 /{usr/,}{local/,}lib{,32,64}/ r,
- /bindfile* rw,
+ /bindfile@{rand6} rw,
 /home/ r,
 /tmp/ r,