diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg
index 9c69827c..b1f10217 100644
--- a/apparmor.d/groups/gpg/gpg
+++ b/apparmor.d/groups/gpg/gpg
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/gpg
+@{exec_path} = @{bin}/gpg{,2}
 profile gpg @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
diff --git a/apparmor.d/groups/gpg/gpgsm b/apparmor.d/groups/gpg/gpgsm
index aa223df1..a4e69f8b 100644
--- a/apparmor.d/groups/gpg/gpgsm
+++ b/apparmor.d/groups/gpg/gpgsm
@@ -16,6 +16,8 @@ profile gpgsm @{exec_path} {
 
   @{exec_path} mr,
 
+  @{bin}/dirmngr rPx,
+
   /usr/share/gnupg/* r,
 
   /etc/gcrypt/hwf.deny r,
diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd
index 8c906b73..93b82790 100644
--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -13,6 +13,7 @@ profile kactivitymanagerd @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/qt5>
   include <abstractions/recent-documents-write>
+  include <abstractions/user-read>
   include <abstractions/wayland>
   include <abstractions/X-strict>
 
diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac
index ef745666..1a7a5536 100644
--- a/apparmor.d/groups/kde/kalendarac
+++ b/apparmor.d/groups/kde/kalendarac
@@ -54,6 +54,9 @@ profile kalendarac @{exec_path} {
   owner @{run}/user/@{uid}/pulse/ r,
   owner @{run}/user/@{uid}/xauth_@{rand6} rl,
 
+  @{sys}/devices/system/node/ r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,
+
   @{PROC}/sys/kernel/core_pattern r,
 
   /dev/tty r,
diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5
index 9cb7807b..55b8778e 100644
--- a/apparmor.d/groups/kde/kded5
+++ b/apparmor.d/groups/kde/kded5
@@ -119,8 +119,8 @@ profile kded5 @{exec_path} {
 
         @{run}/mount/utab r,
         @{run}/udev/data/c189:@{int} r,                # for /dev/bus/usb/**
+        @{run}/user/@{uid}/gvfs/ r,
   owner @{run}/user/@{uid}/#@{int} rw,
-  owner @{run}/user/@{uid}/gvfs/ r,
   owner @{run}/user/@{uid}/kded5*kioworker.socket rwl,
 
   owner /tmp/plasma-csd-generator.@{rand6}/{,**} rw,
diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher
index 06233ed9..e4b8ade7 100644
--- a/apparmor.d/groups/network/nm-dispatcher
+++ b/apparmor.d/groups/network/nm-dispatcher
@@ -2,6 +2,8 @@
 # Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
+# TODO: rethink how the scripts should be managed
+
 abi <abi/3.0>,
 
 include <tunables/global>
@@ -12,7 +14,9 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
+  capability net_admin,
   capability sys_nice,
+  capability sys_ptrace,
 
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
@@ -41,13 +45,13 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
   @{bin}/rm                 rix,
   @{bin}/run-parts          rCx -> run-parts,
   @{bin}/sed                rix,
-  @{bin}/systemctl          rPx -> child-systemctl,
+  @{bin}/systemctl          rix,
   @{bin}/systemd-cat        rPx,
   @{bin}/tr                 rix,
   /usr/share/tlp/tlp-readconfs  rPUx,
 
   @{lib}/NetworkManager/dispatcher.d/ r,
-  @{lib}/NetworkManager/dispatcher.d/* rix,
+  @{lib}/NetworkManager/dispatcher.d/** rix,
   /etc/NetworkManager/dispatcher.d/ r,
   /etc/NetworkManager/dispatcher.d/** rix,
 
@@ -71,7 +75,10 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
 
     /{usr/,}bin/run-parts mr,
 
-   include if exists <local/anacron_run_parts>
+    /etc/network/if-*.d/ r,
+    /etc/network/if-*.d/* rPUx,
+
+    include if exists <local/anacron_run_parts>
   }
 
   include if exists <local/nm-dispatcher>
diff --git a/apparmor.d/profiles-s-z/smartd b/apparmor.d/profiles-s-z/smartd
index 30f15c3b..244d7f31 100644
--- a/apparmor.d/profiles-s-z/smartd
+++ b/apparmor.d/profiles-s-z/smartd
@@ -1,6 +1,7 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
 # Copyright (C) 2022 Jeroen Rijken
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -13,46 +14,42 @@ profile smartd @{exec_path} {
   include <abstractions/disks-read>
   include <abstractions/nameservice-strict>
 
-  # To remove the following errors:
-  #  Device: /dev/disk/by-id/ata-*, IE (SMART) not enabled, skip device
-  #  Try 'smartctl -s on /dev/disk/by-id/ata-*' to turn on SMART features
-  #  Unable to register SCSI device /dev/disk/by-id/ata-* at line * of file /etc/smartd.conf
-  #  Device: /dev/disk/by-id/ata-*, not available
   capability sys_rawio,
   capability sys_admin,
 
   # Needed?
-  deny capability net_admin,
+  audit capability net_admin,
 
   @{exec_path} mr,
+
   @{bin}/{,ba,da}sh rix,
   @{bin}/cat        rix,
   @{bin}/hostname   rix,
   @{bin}/mail       rix,
   @{bin}/mktemp     rix,
   @{bin}/run-parts  rix,
-  /usr/share/smartmontools/{smartd-runner,smartd_warning.sh} rix,
-  /etc/smartmontools/run.d/* rix,
 
+  /etc/smartmontools/run.d/* rix,
+  /usr/share/smartmontools/{smartd-runner,smartd_warning.sh} rix,
+
+  /etc/smart_drivedb.h r,
   /etc/smartd.conf r,
+  /etc/smartmontools/smartd_warning.d/{,*} r,
+  /usr/share/smartmontools/drivedb.h r,
+  /var/lib/smartmontools/drivedb/drivedb.h r,
 
   /var/lib/smartmontools/smartd.*.state{,~} rw,
   /var/lib/smartmontools/attrlog.*.csv rw,
 
-  # Plugin directory for smartd warning script
-  /etc/smartmontools/smartd_warning.d/ r,
+  /tmp/tmp.* rw,
 
-  # Drive database location
-  /usr/share/smartmontools/drivedb.h r,
-  /var/lib/smartmontools/drivedb/drivedb.h r,
-  /etc/smart_drivedb.h r,
+  @{run}/systemd/notify rw,
+
+  @{sys}/class/scsi_host/ r,
 
-  # Needed when smartd-runner scans for drives
-  /dev/ r,
   @{PROC}/devices r,
 
-  /run/systemd/notify rw,
-  /tmp/tmp.* rw,
+  /dev/ r,
 
   include if exists <local/smartd>
 }