diff --git a/apparmor.d/groups/apt/reportbug b/apparmor.d/groups/apt/reportbug
index 1a38e534..5e814f26 100644
--- a/apparmor.d/groups/apt/reportbug
+++ b/apparmor.d/groups/apt/reportbug
@@ -13,14 +13,11 @@ profile reportbug @{exec_path} {
   include <abstractions/apt-common>
   include <abstractions/consoles>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/enchant>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
   include <abstractions/nameservice-strict>
   include <abstractions/python>
-  include <abstractions/wayland>
 
   network inet dgram,
   network inet6 dgram,
@@ -54,18 +51,17 @@ profile reportbug @{exec_path} {
   @{bin}/lsb_release      rPx -> lsb_release,
   @{bin}/more             rPx -> child-pager,
   @{bin}/pager            rPx -> child-pager,
-  @{bin}/systemctl        rPx -> child-systemctl,
+  @{bin}/systemctl        rCx -> systemctl,
   @{lib}/firefox/firefox rPUx,  # App allowed to open
   /usr/share/bug/*       rPUx,
 
   @{bin}/gpg{,2}          rCx -> gpg,
   @{bin}/run-parts        rCx -> run-parts,
-  @{bin}/xdg-open         rCx -> open,
+  @{open_path}            rPx -> child-open,
 
   @{lib}/python3/dist-packages/pylocales/locales.db rk,
 
   /usr/share/bug/*/{control,presubj} r,
-  /usr/share/X11/xkb/** r,
 
   /etc/** r,
   /etc/reportbug.conf r,
@@ -94,6 +90,7 @@ profile reportbug @{exec_path} {
 
     @{bin}/run-parts mr,
 
+    include if exists <local/reportbug_run-parts>
   }
 
   profile gpg {
@@ -107,29 +104,14 @@ profile reportbug @{exec_path} {
     owner /tmp/reportbug-*-{signed,unsigned}-* rw,
     owner @{HOME}/draftbugreports/reportbug-*-{signed,unsigned}-* rw,
 
+    include if exists <local/reportbug_gpg>
   }
 
-  profile open {
+  profile systemctl {
     include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{sh_path}             rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{lib}/firefox/firefox rPUx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-
+    include <abstractions/systemctl>
+  
+    include if exists <local/reportbug_systemctl>
   }
 
   include if exists <local/reportbug>
diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession
index a1a063d2..4f3aa753 100644
--- a/apparmor.d/groups/kde/xdm-xsession
+++ b/apparmor.d/groups/kde/xdm-xsession
@@ -39,7 +39,7 @@ profile xdm-xsession @{exec_path} {
   @{bin}/flatpak                            rPx,
   @{bin}/pidof                              rPx,
   @{bin}/startplasma-x11                    rPx,
-  @{bin}/systemctl                          rPx -> child-systemctl,
+  @{bin}/systemctl                          rCx -> systemctl,
   @{bin}/xdg-user-dirs-update               rPx,
   @{bin}/xrdb                               rPx,
 
@@ -101,5 +101,12 @@ profile xdm-xsession @{exec_path} {
     include if exists <local/xdm-xsession_dbus>
   }
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/xdm-xsession_systemctl>
+  }
+
   include if exists <local/xdm-xsession>
 }
diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn
index df0a2039..82b6930c 100644
--- a/apparmor.d/profiles-a-f/acpi-powerbtn
+++ b/apparmor.d/profiles-a-f/acpi-powerbtn
@@ -21,7 +21,7 @@ profile acpi-powerbtn flags=(attach_disconnected) {
   @{bin}/shutdown     rix,
   /etc/acpi/powerbtn.sh    rix,
 
-  @{bin}/systemctl    rPx -> child-systemctl,
+  @{bin}/systemctl    rCx -> systemctl,
   @{bin}/ps           rPx,
 
   @{bin}/fgconsole    rCx,
@@ -46,5 +46,12 @@ profile acpi-powerbtn flags=(attach_disconnected) {
     owner /dev/tty@{int} rw,
   }
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/acpi-powerbtn_systemctl>
+  }
+
   include if exists <local/acpi-powerbtn>
 }
diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman
index 00329af2..0acf21eb 100644
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@@ -12,15 +12,12 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio-client>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
   include <abstractions/nameservice-strict>
   include <abstractions/python>
   include <abstractions/thumbnails-cache-read>
   include <abstractions/user-download-strict>
-  include <abstractions/wayland>
 
   network inet stream,
   network inet6 stream,
@@ -37,7 +34,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
   @{open_path}         rPx -> child-open,
 
   /usr/share/blueman/{,**} r,
-  /usr/share/X11/xkb/{,**} r,
 
   /etc/machine-id r,
   /var/lib/dbus/machine-id r,
@@ -57,8 +53,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
   owner @{user_cache_dirs}/obexd/ rw,
   owner @{user_cache_dirs}/obexd/* rw,
 
-  owner @{run}/user/@{uid}/gdm/Xauthority r,
-
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mounts r,
         @{PROC}/@{pids}/cmdline r,
diff --git a/apparmor.d/profiles-a-f/dkms-autoinstaller b/apparmor.d/profiles-a-f/dkms-autoinstaller
index a7453022..fe9b5309 100644
--- a/apparmor.d/profiles-a-f/dkms-autoinstaller
+++ b/apparmor.d/profiles-a-f/dkms-autoinstaller
@@ -20,7 +20,7 @@ profile dkms-autoinstaller @{exec_path} {
   @{bin}/plymouth   rix,
   @{bin}/readlink   rix,
   @{bin}/run-parts  rCx -> run-parts,
-  @{bin}/systemctl  rPx -> child-systemctl,
+  @{bin}/systemctl  rCx -> systemctl,
   @{bin}/tput       rix,
 
   # For shell pwd
@@ -34,6 +34,14 @@ profile dkms-autoinstaller @{exec_path} {
 
     @{bin}/run-parts mr,
 
+    include if exists <local/dkms-autoinstaller_run-parts>
+  }
+
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/dkms-autoinstaller_systemctl>
   }
 
   include if exists <local/dkms-autoinstaller>
diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim
index 78cf77c8..e662cf05 100644
--- a/apparmor.d/profiles-g-l/gajim
+++ b/apparmor.d/profiles-g-l/gajim
@@ -10,23 +10,19 @@ include <tunables/global>
 @{exec_path} = @{bin}/gajim
 profile gajim @{exec_path} {
   include <abstractions/base>
+  include <abstractions/audio-client>
   include <abstractions/dconf-write>
-  include <abstractions/X>
-  include <abstractions/gtk>
-  include <abstractions/fonts>
-  include <abstractions/fontconfig-cache-read>
-  include <abstractions/freedesktop.org>
-  include <abstractions/audio>
-  include <abstractions/video>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
-  include <abstractions/nameservice-strict>
-  include <abstractions/user-download-strict>
-  include <abstractions/python>
-  include <abstractions/openssl>
-  include <abstractions/ssl_certs>
-  include <abstractions/gstreamer>
+  include <abstractions/desktop>
   include <abstractions/enchant>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/graphics>
+  include <abstractions/gstreamer>
+  include <abstractions/nameservice-strict>
+  include <abstractions/openssl>
+  include <abstractions/python>
+  include <abstractions/ssl_certs>
+  include <abstractions/user-download-strict>
+  include <abstractions/video>
 
   network inet dgram,
   network inet6 dgram,
@@ -58,8 +54,12 @@ profile gajim @{exec_path} {
   @{lib}/firefox/firefox rPx,
   @{bin}/spacefm         rPx,
 
-  # Gajim plugins
   /usr/share/gajim/plugins/{,**} r,
+  /usr/share/xml/iso-codes/{,**} r,
+
+  /etc/fstab r,
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
 
   # Gajim home files
   owner @{HOME}/ r,
@@ -80,13 +80,6 @@ profile gajim @{exec_path} {
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/mountinfo r,
 
-  /etc/machine-id r,
-  /var/lib/dbus/machine-id r,
-
-  /etc/fstab r,
-
-  /usr/share/xml/iso-codes/{,**} r,
-
   # TMP files locations (first in /tmp/ , /var/tmp/ and @{HOME}/)
     /var/tmp/ r,
         /tmp/ r,
diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted
index 0b82909a..6bd0ef24 100644
--- a/apparmor.d/profiles-g-l/gparted
+++ b/apparmor.d/profiles-g-l/gparted
@@ -42,7 +42,7 @@ profile gparted @{exec_path} {
   @{bin}/ps          rPx,
   @{bin}/xhost       rPx,
   @{bin}/pkexec      rPx,
-  @{bin}/systemctl   rPx -> child-systemctl,
+  @{bin}/systemctl   rCx -> systemctl,
 
   # For shell pwd
   / r,
@@ -60,25 +60,18 @@ profile gparted @{exec_path} {
 
   profile udevadm {
     include <abstractions/base>
-
-    ptrace (read),
+    include <abstractions/systemd-common>
 
     @{bin}/udevadm mr,
 
     /etc/udev/udev.conf r,
 
-    owner @{PROC}/@{pid}/stat r,
-          @{PROC}/cmdline r,
-          @{PROC}/1/sched r,
-          @{PROC}/1/environ r,
-          @{PROC}/sys/kernel/osrelease r,
-          @{PROC}/sys/kernel/random/boot_id r,
-
     @{sys}/** r,
     @{sys}/devices/virtual/block/**/uevent rw,
     @{sys}/devices/@{pci}/block/**/uevent rw,
     @{run}/udev/data/* r,
 
+    include if exists <local/gparted_udevadm>
   }
 
   profile killall flags=(attach_disconnected) {
@@ -99,6 +92,14 @@ profile gparted @{exec_path} {
          @{PROC}/@{pids}/stat r,
          @{PROC}/@{pids}/cmdline r,
 
+    include if exists <local/gparted_killall>
+  }
+
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/gparted_systemctl>
   }
 
   include if exists <local/gparted>
diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe
index c2106a36..5d7c0186 100644
--- a/apparmor.d/profiles-g-l/hw-probe
+++ b/apparmor.d/profiles-g-l/hw-probe
@@ -69,8 +69,6 @@ profile hw-probe @{exec_path} {
   @{bin}/xinput      rPx,
   @{bin}/xrandr      rPx,
 
-  @{bin}/systemctl   rPx -> child-systemctl,
-
   @{bin}/curl            rCx -> curl,
   @{bin}/ethtool         rCx -> netconfig,
   @{bin}/find            rCx -> find,
@@ -80,6 +78,7 @@ profile hw-probe @{exec_path} {
   @{bin}/journalctl      rCx -> journalctl,
   @{bin}/killall         rCx -> killall,
   @{bin}/kmod            rCx -> kmod,
+  @{bin}/systemctl       rCx -> systemctl,
   @{bin}/systemd-analyze rPx,
   @{bin}/udevadm         rCx -> udevadm,
 
@@ -166,25 +165,18 @@ profile hw-probe @{exec_path} {
 
   profile udevadm {
     include <abstractions/base>
+    include <abstractions/systemd-common>
 
     @{bin}/udevadm mr,
 
     /etc/udev/udev.conf r,
 
-    @{run}/udev/data/* r,
-  
     @{sys}/bus/ r,
     @{sys}/bus/*/devices/ r,
     @{sys}/class/ r,
     @{sys}/class/*/ r,
     @{sys}/devices/**/uevent r,
 
-          @{PROC}/1/environ r,
-          @{PROC}/1/sched r,
-          @{PROC}/cmdline r,
-          @{PROC}/sys/kernel/osrelease r,
-    owner @{PROC}/@{pid}/stat r,
-
     include if exists <local/hw-probe_udevadm>
   }
 
@@ -228,5 +220,12 @@ profile hw-probe @{exec_path} {
     include if exists <local/hw-probe_netconfig>
   }
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/hw-probe_systemctl>
+  }
+
   include if exists <local/hw-probe>
 }
diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix
index b6b6a911..f3430dbf 100644
--- a/apparmor.d/profiles-g-l/hypnotix
+++ b/apparmor.d/profiles-g-l/hypnotix
@@ -13,18 +13,14 @@ profile hypnotix @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio-client>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
   include <abstractions/openssl>
   include <abstractions/python>
   include <abstractions/ssl_certs>
   include <abstractions/user-download-strict>
-  include <abstractions/vulkan>
 
   signal (send) set=(term, kill) peer=youtube-dl,
   signal (send) set=(term, kill) peer=yt-dlp,
@@ -49,7 +45,6 @@ profile hypnotix @{exec_path} {
   @{lib}/firefox/firefox rPx,
 
   /usr/share/hypnotix/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   /etc/machine-id r,
   /etc/vdpau_wrapper.cfg r,
@@ -60,8 +55,6 @@ profile hypnotix @{exec_path} {
 
   owner @{user_music_dirs}/** r,
 
-  @{sys}/devices/@{pci}/drm/ r,
-
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/cmdline r,
diff --git a/apparmor.d/profiles-g-l/initd-kexec b/apparmor.d/profiles-g-l/initd-kexec
index ff9e442f..e7471d64 100644
--- a/apparmor.d/profiles-g-l/initd-kexec
+++ b/apparmor.d/profiles-g-l/initd-kexec
@@ -40,27 +40,16 @@ profile initd-kexec @{exec_path} {
 
   profile systemctl {
     include <abstractions/base>
-
+    include <abstractions/systemctl>
+  
     capability sys_resource,
 
-    ptrace (read),
-
-    @{bin}/systemctl mr,
-
     @{bin}/systemd-tty-ask-password-agent rix,
 
-    owner @{PROC}/@{pid}/stat r,
-    owner @{PROC}/@{pid}/fd/ r,
-          @{PROC}/sys/kernel/osrelease r,
-          @{PROC}/1/sched r,
-          @{PROC}/1/environ r,
-          @{PROC}/cmdline r,
-
-    /dev/kmsg w,
-
     owner @{run}/systemd/ask-password/ rw,
     owner @{run}/systemd/ask-password-block/* rw,
 
+    include if exists <local/initd-kexec_systemctl>
   }
 
   include if exists <local/initd-kexec>
diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi
index e67c03b0..7544a119 100644
--- a/apparmor.d/profiles-g-l/inxi
+++ b/apparmor.d/profiles-g-l/inxi
@@ -35,11 +35,10 @@ profile inxi @{exec_path} {
   @{bin}/{,@{multiarch}-}gcc-[0-9]* rix,
 
   @{bin}/ip              rCx -> ip,
-  @{lib}/systemd/systemd rCx -> systemd,
   @{bin}/kmod            rCx -> kmod,
+  @{bin}/systemctl       rCx -> systemctl,
   @{bin}/udevadm         rCx -> udevadm,
-
-  @{bin}/systemctl  rPx -> child-systemctl,
+  @{lib}/systemd/systemd rCx -> systemd,
 
   # Do not strip env to avoid errors like the following:
   #  ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
@@ -87,6 +86,14 @@ profile inxi @{exec_path} {
 
   @{run}/ r,
 
+  @{sys}/class/power_supply/ r,
+  @{sys}/class/net/ r,
+  @{sys}/firmware/acpi/tables/ r,
+  @{sys}/bus/usb/devices/ r,
+  @{sys}/devices/{,**} r,
+  @{sys}/module/*/version r,
+  @{sys}/power/wakeup_count r,
+
   @{PROC}/asound/ r,
   @{PROC}/asound/version r,
   @{PROC}/sys/kernel/hostname r,
@@ -105,15 +112,6 @@ profile inxi @{exec_path} {
   /dev/disk/*/ r,
   /dev/dm-[0-9]* r,
 
-  @{sys}/class/power_supply/ r,
-  @{sys}/class/net/ r,
-  @{sys}/firmware/acpi/tables/ r,
-  @{sys}/bus/usb/devices/ r,
-  @{sys}/devices/{,**} r,
-  @{sys}/module/*/version r,
-  @{sys}/power/wakeup_count r,
-
-
   profile ip {
     include <abstractions/base>
 
@@ -125,38 +123,33 @@ profile inxi @{exec_path} {
 
     /etc/iproute2/group r,
 
+    include if exists <local/inxi_ip>
   }
 
   profile systemd {
     include <abstractions/base>
+    include <abstractions/systemd-common>
 
     @{lib}/systemd/systemd mr,
 
     /etc/systemd/user.conf r,
 
-    owner @{PROC}/@{pid}/stat r,
-          @{PROC}/sys/kernel/pid_max r,
-          @{PROC}/sys/kernel/threads-max r,
-          @{PROC}/1/cgroup r,
-
+    include if exists <local/inxi_systemd>
   }
 
   profile udevadm {
     include <abstractions/base>
+    include <abstractions/systemd-common>
 
     @{bin}/udevadm mr,
 
     /etc/udev/udev.conf r,
 
-    owner @{PROC}/@{pid}/stat r,
-          @{PROC}/cmdline r,
-          @{PROC}/1/sched r,
-          @{PROC}/1/environ r,
-          @{PROC}/sys/kernel/osrelease r,
-
-    @{sys}/devices/@{pci}/block/**/uevent r,
     @{run}/udev/data/b* r,
 
+    @{sys}/devices/@{pci}/block/**/uevent r,
+
+    include if exists <local/inxi_udevadm>
   }
 
   profile kmod {
@@ -167,6 +160,14 @@ profile inxi @{exec_path} {
     @{PROC}/cmdline r,
     @{PROC}/modules r,
 
+    include if exists <local/inxi_kmod>
+  }
+
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/inxi_systemctl>
   }
 
   include if exists <local/inxi>
diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc
index 19f02d2c..4df5541a 100644
--- a/apparmor.d/profiles-g-l/labwc
+++ b/apparmor.d/profiles-g-l/labwc
@@ -11,16 +11,11 @@ include <tunables/global>
 profile labwc @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/desktop>
   include <abstractions/devices-usb>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/vulkan>
-  include <abstractions/wayland>
 
   network netlink raw,
 
@@ -32,8 +27,6 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/libinput/ r,
   /usr/share/libinput/*.quirks r,
-  /usr/share/themes/**/themerc r,
-  /usr/share/X11/xkb/** r,
 
   owner @{user_config_dirs}/labwc/ r,
   owner @{user_config_dirs}/labwc/* r,
@@ -61,9 +54,5 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
 
   owner @{PROC}/@{pid}/fd/ r,
 
-  owner /tmp/.X@{int}-lock rw,
-  owner /tmp/.X11-unix/ rw,
-  owner /tmp/.X11-unix/X@{int} rw,
-
   include if exists <local/labwc>
 }
diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble
index a325acdb..f332a164 100644
--- a/apparmor.d/profiles-m-r/mumble
+++ b/apparmor.d/profiles-m-r/mumble
@@ -10,21 +10,17 @@ include <tunables/global>
 @{exec_path} = @{bin}/mumble
 profile mumble @{exec_path} {
   include <abstractions/base>
-  include <abstractions/X>
-  include <abstractions/gtk>
-  include <abstractions/freedesktop.org>
-  include <abstractions/fonts>
+  include <abstractions/audio-client>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/audio>
-  include <abstractions/user-download-strict>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/dri-enumerate>
-  include <abstractions/mesa>
-  include <abstractions/qt5-settings-write>
-  include <abstractions/qt5-compose-cache-write>
-  include <abstractions/user-download-strict>
   include <abstractions/openssl>
+  include <abstractions/qt5-compose-cache-write>
+  include <abstractions/qt5-settings-write>
   include <abstractions/ssl_certs>
+  include <abstractions/user-download-strict>
+  include <abstractions/user-download-strict>
 
   network inet dgram,
   network inet6 dgram,
@@ -35,25 +31,22 @@ profile mumble @{exec_path} {
 
   @{exec_path} mrix,
 
-  @{bin}/lsb_release rPx -> lsb_release,
-  @{bin}/xdg-open    rCx -> open,
+  @{bin}/lsb_release  rPx -> lsb_release,
+  @{browsers_path}    rPx,
+  @{open_path}        rPx -> child-open,
+
+  /etc/fstab r,
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
 
-  # Mumble home files
   owner @{HOME}/ r,
+  owner @{HOME}/.jackdrc r,
+  owner @{HOME}/.MumbleOverlayPipe rw,
+  owner @{HOME}/.MumbleSocket rw,
   owner @{user_config_dirs}/Mumble/ rw,
   owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#@{int},
   owner @{user_share_dirs}/Mumble/ rw,
   owner @{user_share_dirs}/Mumble/** rwk,
-  owner @{HOME}/.MumbleOverlayPipe rw,
-  owner @{HOME}/.MumbleSocket rw,
-
-  owner @{HOME}/.jackdrc r,
-
-  /etc/machine-id r,
-  /var/lib/dbus/machine-id r,
-
-  /dev/shm/MumbleLink.@{int} rw,
-  /dev/shm/#@{int} rw,
 
   owner @{run}/user/@{uid}/MumbleSocket rw,
   owner @{run}/user/@{uid}/MumbleOverlayPipe rw,
@@ -64,42 +57,11 @@ profile mumble @{exec_path} {
        owner @{PROC}/@{pid}/mounts r,
   deny       @{PROC}/sys/kernel/random/boot_id r,
 
-  /etc/fstab r,
-
-  owner @{user_config_dirs}/qt5ct/{,**} r,
-  /usr/share/qt5ct/** r,
-
-  /usr/share/hwdata/pnp.ids r,
-
-  # Allowed apps to open
-  @{lib}/firefox/firefox rPUx,
+  /dev/shm/MumbleLink.@{int} rw,
+  /dev/shm/#@{int} rw,
 
   # file_inherit
   owner /dev/tty@{int} rw,
 
-
-  profile open {
-    include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{sh_path}             rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{lib}/firefox/firefox rPUx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-
-  }
-
   include if exists <local/mumble>
 }
diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter
index 0bac10e6..788492cf 100644
--- a/apparmor.d/profiles-s-z/vidcutter
+++ b/apparmor.d/profiles-s-z/vidcutter
@@ -12,12 +12,9 @@ profile vidcutter @{exec_path} {
   include <abstractions/base>
   include <abstractions/audio-client>
   include <abstractions/dconf-write>
-  include <abstractions/dri-enumerate>
+  include <abstractions/desktop>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/python>
@@ -26,7 +23,6 @@ profile vidcutter @{exec_path} {
   include <abstractions/qt5-shader-cache>
   include <abstractions/ssl_certs>
   include <abstractions/user-download-strict>
-  include <abstractions/X>
 
   @{exec_path} r,
   @{bin}/python3.@{int} r,
@@ -40,9 +36,6 @@ profile vidcutter @{exec_path} {
 
   @{open_path}         rPx -> child-open,
 
-  /usr/share/hwdata/pnp.ids r,
-  /usr/share/qt5ct/** r,
-
   /etc/fstab r,
   /etc/vdpau_wrapper.cfg r,
 
@@ -58,13 +51,8 @@ profile vidcutter @{exec_path} {
   owner @{user_config_dirs}/vidcutter/ rw,
   owner @{user_config_dirs}/vidcutter/* rwkl -> @{user_config_dirs}/vidcutter/#@{int},
 
-  owner @{user_cache_dirs}/ rw,
-
   owner @{user_config_dirs}/qt5ct/{,**} r,
 
-  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node@{int}/meminfo r,
-
   owner /tmp/vidcutter-@{uuid} w,
   owner /tmp/#@{int} rw,
   owner /tmp/*.jpg rwl -> /tmp/#@{int},