diff --git a/apparmor.d/abstractions/apt-common b/apparmor.d/abstractions/apt-common
index 089b3901..df874af8 100644
--- a/apparmor.d/abstractions/apt-common
+++ b/apparmor.d/abstractions/apt-common
@@ -4,6 +4,9 @@
 
   abi <abi/3.0>,
 
+  /usr/share/dpkg/cputable r,
+  /usr/share/dpkg/tupletable r,
+
   /etc/apt/apt.conf r,
   /etc/apt/apt.conf.d/{,*} r,
 
@@ -20,9 +23,6 @@
   /var/cache/apt/pkgcache.bin r,
   /var/cache/apt/srcpkgcache.bin r,
 
-  /usr/share/dpkg/cputable r,
-  /usr/share/dpkg/tupletable r,
-
   /var/lib/dpkg/status r,
   /var/lib/ubuntu-advantage/apt-esm/{,**} r,
 
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1
new file mode 100644
index 00000000..15c97d9a
--- /dev/null
+++ b/apparmor.d/abstractions/bus/org.freedesktop.network1
@@ -0,0 +1,10 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  dbus send bus=system path=/org/freedesktop/network1
+       interface=org.freedesktop.DBus.Properties
+       member=Get
+       peer=(name=org.freedesktop.network1, label=systemd-networkd),
+
+  include if exists <abstractions/bus/org.freedesktop.network1.d>
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index ac3d74e5..54a6be18 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -40,6 +40,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   include <abstractions/user-read>
   include <abstractions/vulkan>
 
+#   userns,
+
   capability sys_admin, # If kernel.unprivileged_userns_clone = 1
   capability sys_chroot, # If kernel.unprivileged_userns_clone = 1
   capability sys_ptrace,
diff --git a/apparmor.d/groups/freedesktop/dconf-editor b/apparmor.d/groups/freedesktop/dconf-editor
index 4e1238c0..63b88172 100644
--- a/apparmor.d/groups/freedesktop/dconf-editor
+++ b/apparmor.d/groups/freedesktop/dconf-editor
@@ -12,15 +12,10 @@ profile dconf-editor @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
   include <abstractions/fontconfig-cache-read>
-  include <abstractions/fonts>
-  include <abstractions/freedesktop.org>
-  include <abstractions/gtk>
+  include <abstractions/gnome-strict>
 
   @{exec_path} mr,
 
-  /usr/share/glib-2.0/schemas/{,*} r,
-  /usr/share/X11/xkb/{,**} r,
-
   # When GSETTINGS_BACKEND=keyfile
   owner @{user_config_dirs}/glib-2.0/ rw,
   owner @{user_config_dirs}/glib-2.0/settings/ rw,
diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire
index eb26af5c..1d085409 100644
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@@ -35,7 +35,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
        member=Introspect
        peer=(name=:*, label=gnome-shell),
 
-  @{exec_path} mr,
+  @{exec_path} mrix,
 
   @{bin}/pactl                   rix,
   @{bin}/pipewire-media-session  rPx,
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index 7f3078fc..faf47e8e 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -85,6 +85,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   @{run}/lightdm/{,**} rw,
 
         /tmp/ r,
+        /tmp/server-[0-9].xkm rw,
   owner /tmp/.tX[0-9]-lock rwk,
   owner /tmp/.X[0-9]-lock rwkl -> /tmp/.tX[0-9]-lock,
   owner /tmp/server-* rwk,
diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify
index 939c18c2..21b914a8 100644
--- a/apparmor.d/groups/gnome/evolution-alarm-notify
+++ b/apparmor.d/groups/gnome/evolution-alarm-notify
@@ -36,10 +36,6 @@ profile evolution-alarm-notify @{exec_path} {
   /usr/share/evolution-data-server/{,**} r,
   /usr/share/{,zoneinfo-}icu/{,**} r,
 
-  # freedesktop.org-strict
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/*ubuntu/applications/ r,
-
   /etc/timezone r,
 
   include if exists <local/evolution-alarm-notify>
diff --git a/apparmor.d/groups/gnome/gnome-control-center-print-renderer b/apparmor.d/groups/gnome/gnome-control-center-print-renderer
index 3a53ea19..e82e7c79 100644
--- a/apparmor.d/groups/gnome/gnome-control-center-print-renderer
+++ b/apparmor.d/groups/gnome/gnome-control-center-print-renderer
@@ -15,33 +15,21 @@ profile gnome-control-center-print-renderer @{exec_path} {
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
-  include <abstractions/fonts>
-  include <abstractions/gtk>
+  include <abstractions/gnome-strict>
   include <abstractions/mesa>
   include <abstractions/nameservice-strict>
   include <abstractions/opencl-nvidia>
   include <abstractions/vulkan>
-  include <abstractions/wayland>
 
   @{exec_path} mr,
 
   /usr/share/egl/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/icons/{,**} r,
   /usr/share/libdrm/*.ids r,
-  /usr/share/mime/mime.cache r,
   /usr/share/pixmaps/{,**} r,
-  /usr/share/X11/xkb/** r,
 
   /var/lib/flatpak/exports/share/icons/{,**} r,
   /var/lib/flatpak/exports/share/mime/mime.cache r,
 
-  /var/lib/snapd/desktop/icons/{,**} r,
-
-  owner @{user_share_dirs}/icons/{,**} r,
-
-  owner @{run}/user/@{uid}/gdm/Xauthority r,
-
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/comm r,
 
diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index daabe2e0..6e7bfb22 100644
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -48,7 +48,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/dconf/profile/gdm r,
   /usr/share/gdm/greeter/applications/*.desktop r,
-  /usr/share/gvfs/remote-volume-monitors/{,*} r,
   /usr/share/hwdata/*.ids r,
   /usr/share/ladspa/rdf/{,**} r,
   /usr/share/osinfo/{,**} r,
diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav
index de9cf025..dc555328 100644
--- a/apparmor.d/groups/gvfs/gvfsd-dav
+++ b/apparmor.d/groups/gvfs/gvfsd-dav
@@ -24,6 +24,7 @@ profile gvfsd-dav @{exec_path} {
   network netlink raw,
 
   @{exec_path} mr,
+
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/mime/mime.cache r,
 
diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network
index 1208707a..f0c11801 100644
--- a/apparmor.d/groups/gvfs/gvfsd-network
+++ b/apparmor.d/groups/gvfs/gvfsd-network
@@ -13,6 +13,8 @@ profile gvfsd-network @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/dconf-write>
 
+  dbus bind bus=session name=org.gtk.vfs.mountpoint_@{int},
+
   dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int}
        interface=org.gtk.vfs.Spawner
        member=Spawned
@@ -38,9 +40,6 @@ profile gvfsd-network @{exec_path} {
        member=GetConnection
        peer=(name=:*, label=gnome-control-center),
 
-  dbus bind bus=session
-       name=org.gtk.vfs.mountpoint_[0-9]*,
-
   @{exec_path} mr,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl
index 23c619ee..5e60996d 100644
--- a/apparmor.d/groups/systemd/networkctl
+++ b/apparmor.d/groups/systemd/networkctl
@@ -11,6 +11,7 @@ include <tunables/global>
 profile networkctl @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-system>
+  include <abstractions/bus/org.freedesktop.network1>
 
   capability net_admin,
   capability sys_module,
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index 927b67fb..43c4b8df 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -72,6 +72,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 
   / r,
   /boot/{,**} r,
+  /efi/{,**} r,
   /swap/swapfile r,
   /swapfile r,
 
diff --git a/apparmor.d/groups/ubuntu/check-new-release-gtk b/apparmor.d/groups/ubuntu/check-new-release-gtk
index 8fdc7051..8f8bddcd 100644
--- a/apparmor.d/groups/ubuntu/check-new-release-gtk
+++ b/apparmor.d/groups/ubuntu/check-new-release-gtk
@@ -14,13 +14,11 @@ profile check-new-release-gtk @{exec_path} {
   include <abstractions/bus-session>
   include <abstractions/bus/org.a11y>
   include <abstractions/dconf-write>
-  include <abstractions/fonts>
-  include <abstractions/gtk>
+  include <abstractions/gnome-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/python>
   include <abstractions/ssl_certs>
-  include <abstractions/wayland>
 
   network inet dgram,
   network inet6 dgram,
@@ -35,12 +33,8 @@ profile check-new-release-gtk @{exec_path} {
   @{bin}/lsb_release  rPx -> lsb_release,
 
   /usr/share/distro-info/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/icons/{,**} r,
-  /usr/share/themes/{,**} r,
   /usr/share/ubuntu-release-upgrader/{,**} r,
   /usr/share/update-manager/{,**} r,
-  /usr/share/X11/xkb/{,**} r,
   /usr/share/dconf/profile/gdm r,
 
   /etc/update-manager/{,**} r,
diff --git a/apparmor.d/groups/virt/cockpit-bridge b/apparmor.d/groups/virt/cockpit-bridge
index 3238477b..f73e95a8 100644
--- a/apparmor.d/groups/virt/cockpit-bridge
+++ b/apparmor.d/groups/virt/cockpit-bridge
@@ -59,6 +59,7 @@ profile cockpit-bridge @{exec_path} {
   @{sys}/class/hwmon/ r,
   @{sys}/devices/**/hwmon@{int}/ r,
   @{sys}/devices/**/hwmon@{int}/{name,temp*} r,
+  @{sys}/fs/cgroup/ r,
   @{sys}/fs/cgroup/**/ r,
   @{sys}/fs/cgroup/**/cpu.{stat,weight} r,
   @{sys}/fs/cgroup/**/memory* r,
diff --git a/apparmor.d/groups/virt/cockpit-pcp b/apparmor.d/groups/virt/cockpit-pcp
index d7d3d654..6f8a2339 100644
--- a/apparmor.d/groups/virt/cockpit-pcp
+++ b/apparmor.d/groups/virt/cockpit-pcp
@@ -27,16 +27,17 @@ profile cockpit-pcp @{exec_path} {
   /var/lib/pcp/{,**} rw,
 
   /var/log/pcp/pmlogger/ r,
+  /var/log/pcp/pmlogger/** r,
 
   @{sys}/fs/cgroup/{,**/} r,
   @{sys}/fs/cgroup/**/{memory,cpu}* r,
   @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r,
   @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r,
 
+        @{PROC}/@{pid}/net/dev r,
         @{PROC}/diskstats r,
         @{PROC}/swaps r,
   owner @{PROC}/@{pid}/mounts r,
-        @{PROC}/@{pid}/net/dev r,
 
   include if exists <local/cockpit-pcp>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd
index 137ef88e..87cb6827 100644
--- a/apparmor.d/groups/virt/dockerd
+++ b/apparmor.d/groups/virt/dockerd
@@ -32,9 +32,8 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
   network inet6 stream,
   network netlink raw,
 
-  mount fstype=overlayfs -> /var/lib/docker/overlay2/*/merged/,
+  mount /var/lib/docker/overlay2/**/,
   mount options=(rw, bind) -> /run/docker/netns/*,
-  mount options=(rw, rbind) -> /var/lib/docker/overlay*/**/,
   mount options=(rw, rbind) -> /var/lib/docker/tmp/docker-builder[0-9]*/,
   mount options=(rw, rprivate) -> /.pivot_root[0-9]*/,
   mount options=(rw, rslave) -> /,
diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer
index d2f89433..b43cbd8a 100644
--- a/apparmor.d/profiles-a-f/amixer
+++ b/apparmor.d/profiles-a-f/amixer
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -15,9 +16,11 @@ profile amixer @{exec_path} {
   @{exec_path} mr,
 
   /usr/share/pipewire/client.conf r,
+  /usr/share/pipewire/client-rt.conf r,
 
-  /var/lib/dbus/machine-id r,
   /etc/machine-id r,
+  /etc/pipewire/client-rt.conf.d/{,*} r,
+  /var/lib/dbus/machine-id r,
 
   owner @{HOME}/.Xauthority r,
 
@@ -25,7 +28,6 @@ profile amixer @{exec_path} {
 
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
-  # file_inherit
   owner /dev/tty@{int} rw,
 
   include if exists <local/amixer>
diff --git a/apparmor.d/profiles-g-l/haveged b/apparmor.d/profiles-g-l/haveged
index 48d3dd08..0327acc1 100644
--- a/apparmor.d/profiles-g-l/haveged
+++ b/apparmor.d/profiles-g-l/haveged
@@ -1,32 +1,31 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2009-2012 Steve Kostecke <steve@debian.org>;
-#               2011-2014 Jérémy Bobbio <lunar@debian.org>;
-#               2020 krathalan https://git.sr.ht/~krathalan/apparmor-profiles/
+# Copyright (C) 2011-2014 Jérémy Bobbio <lunar@debian.org>;
+# Copyright (C) 2020 krathalan https://git.sr.ht/~krathalan/apparmor-profiles/
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-3.0-only
 
-# Version of program profiled: 1.9.14
-
 abi <abi/3.0>,
+
 include <tunables/global>
 
 @{exec_path} = @{bin}/haveged
 profile haveged @{exec_path} {
   include <abstractions/base>
 
-  # Required for ioctl RNDADDENTROPY
   capability sys_admin,
 
-  owner @{PROC}/@{pid}/status r,
-
   @{exec_path} mr,
 
-  @{PROC}/sys/kernel/osrelease r,
-  @{PROC}/sys/kernel/random/poolsize r,
-  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
-  /dev/random w,
-
   @{sys}/devices/system/cpu/cpu@{int}/cache/ r,
   @{sys}/devices/system/cpu/cpu@{int}/cache/index*/{type,size,level} r,
 
+        @{PROC}/sys/kernel/osrelease r,
+        @{PROC}/sys/kernel/random/poolsize r,
+        @{PROC}/sys/kernel/random/write_wakeup_threshold w,
+  owner @{PROC}/@{pid}/status r,
+
+  /dev/random w,
+
   include if exists <local/haveged>
 }
diff --git a/apparmor.d/profiles-g-l/id b/apparmor.d/profiles-g-l/id
index e8e7c140..a5933f00 100644
--- a/apparmor.d/profiles-g-l/id
+++ b/apparmor.d/profiles-g-l/id
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
diff --git a/apparmor.d/profiles-g-l/ifconfig b/apparmor.d/profiles-g-l/ifconfig
index df9d8c9e..fd051467 100644
--- a/apparmor.d/profiles-g-l/ifconfig
+++ b/apparmor.d/profiles-g-l/ifconfig
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -12,23 +13,20 @@ profile ifconfig @{exec_path} {
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
-  # To be able to manage network interfaces.
   capability net_admin,
-
-  # Needed?
-  audit deny capability sys_module,
+  capability sys_module,
 
   network inet dgram,
   network inet6 dgram,
 
   @{exec_path} mr,
 
-  @{PROC}/net/dev r,
-  @{PROC}/net/if_inet6 r,
+  /etc/networks r,
+
   @{PROC}/@{pid}/net/dev r,
   @{PROC}/@{pid}/net/if_inet6 r,
-
-  /etc/networks r,
+  @{PROC}/net/dev r,
+  @{PROC}/net/if_inet6 r,
 
   include if exists <local/ifconfig>
 }
diff --git a/apparmor.d/profiles-g-l/initd-kmod b/apparmor.d/profiles-g-l/initd-kmod
index 2f81edd1..446a64d5 100644
--- a/apparmor.d/profiles-g-l/initd-kmod
+++ b/apparmor.d/profiles-g-l/initd-kmod
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -27,7 +28,6 @@ profile initd-kmod @{exec_path} {
   /etc/modules-load.d/*.conf r,
   /etc/modules r,
 
-
   profile run-parts {
     include <abstractions/base>
 
@@ -35,6 +35,7 @@ profile initd-kmod @{exec_path} {
 
     /etc/modules-load.d/ r,
 
+    include if exists <local/initd-kmod_run-parts>
   }
 
   profile systemctl {
@@ -54,6 +55,7 @@ profile initd-kmod @{exec_path} {
     owner @{run}/systemd/ask-password/ rw,
     owner @{run}/systemd/ask-password-block/* rw,
 
+    include if exists <local/initd-kmod_systemctl>
   }
 
   include if exists <local/initd-kmod>
diff --git a/apparmor.d/profiles-g-l/jitterentropy-rngd b/apparmor.d/profiles-g-l/jitterentropy-rngd
index 5921dcc9..60f3039a 100644
--- a/apparmor.d/profiles-g-l/jitterentropy-rngd
+++ b/apparmor.d/profiles-g-l/jitterentropy-rngd
@@ -15,7 +15,10 @@ profile jitterentropy-rngd @{exec_path} {
   @{exec_path} mr,
 
   @{PROC}/sys/kernel/random/entropy_avail r,
+  @{PROC}/sys/kernel/random/poolsize r,
   @{PROC}/sys/kernel/random/write_wakeup_threshold r,
 
+  /dev/random w,
+
   include if exists <local/jitterentropy-rngd>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy
index 7161f204..f1fe7bc2 100644
--- a/apparmor.d/profiles-g-l/keepassxc-proxy
+++ b/apparmor.d/profiles-g-l/keepassxc-proxy
@@ -27,6 +27,7 @@ profile keepassxc-proxy @{exec_path} {
   owner @{run}/user/@{pid}/app/ w,
   owner @{run}/user/@{pid}/org.keepassxc.KeePassXC.BrowserServer rw,
   owner @{run}/user/@{pid}/org.keepassxc.KeePassXC/ rw,
+  owner @{run}/user/@{uid}/app/org.keepassxc.KeePassXC/ rw,
 
   # file_inherit
   deny owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw,
diff --git a/apparmor.d/profiles-g-l/logrotate b/apparmor.d/profiles-g-l/logrotate
index c9783723..7d8312aa 100644
--- a/apparmor.d/profiles-g-l/logrotate
+++ b/apparmor.d/profiles-g-l/logrotate
@@ -46,8 +46,8 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
   @{bin}/mysqladmin                        rPUx,
   @{bin}/systemd-tty-ask-password-agent    rPx,
   @{lib}/php/php[7-8].[3-4]-fpm-reopenlogs rPUx,
-  /etc/init.d/nginx                             rPUx,
-  @{bin}/squid                         rPUx,
+  /etc/init.d/nginx                        rPUx,
+  @{bin}/squid                             rPUx,
 
   @{bin}/pgrep rCx -> pgrep,
 
diff --git a/apparmor.d/profiles-m-r/mate-notification-daemon b/apparmor.d/profiles-m-r/mate-notification-daemon
index f393a5cc..04b94524 100644
--- a/apparmor.d/profiles-m-r/mate-notification-daemon
+++ b/apparmor.d/profiles-m-r/mate-notification-daemon
@@ -15,8 +15,6 @@ profile mate-notification-daemon @{exec_path} {
 
   @{exec_path} mr,
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-
   owner @{HOME}/.Xauthority r,
 
   include if exists <local/mate-notification-daemon>
diff --git a/apparmor.d/profiles-m-r/nvidia-settings b/apparmor.d/profiles-m-r/nvidia-settings
index 63475611..ecfe82a6 100644
--- a/apparmor.d/profiles-m-r/nvidia-settings
+++ b/apparmor.d/profiles-m-r/nvidia-settings
@@ -11,15 +11,12 @@ profile nvidia-settings @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
   include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
   include <abstractions/opencl-nvidia>
 
   @{exec_path} mr,
 
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  /usr/share/icons/{,**} r,
-  /usr/share/mime/mime.cache r,
   /usr/share/pixmaps/{,**} r,
-  /usr/share/X11/xkb/{,**} r,
 
   include if exists <local/nvidia-settings>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-m-r/polipo b/apparmor.d/profiles-m-r/polipo
deleted file mode 100644
index 22927498..00000000
--- a/apparmor.d/profiles-m-r/polipo
+++ /dev/null
@@ -1,28 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi <abi/3.0>,
-
-include <tunables/global>
-
-@{exec_path} = @{bin}/polipo
-profile polipo @{exec_path} {
-  include <abstractions/base>
-
-  @{exec_path} mr,
-
-  /etc/polipo/* r,
-
-  owner /var/log/polipo/ r,
-  owner /var/log/polipo/polipo.log w,
-
-  # Cache dir
-  owner /var/cache/polipo/{,*} rw,
-  owner @{HOME}/.polipo-cache/{,*} rw,
-
-  # Nameservice
-  @{etc_rw}/resolv.conf r,
-
-  include if exists <local/polipo>
-}
diff --git a/apparmor.d/profiles-s-z/sulogin b/apparmor.d/profiles-s-z/sulogin
index 1cfbe35c..06182c00 100644
--- a/apparmor.d/profiles-s-z/sulogin
+++ b/apparmor.d/profiles-s-z/sulogin
@@ -15,14 +15,16 @@ profile sulogin @{exec_path} {
 
   @{exec_path} mr,
 
-  @{bin}/{,ba,da}sh  rux,
+  # The shell is not confined on purpose.
+  @{bin}/{,b,d,rb}ash         rUx,
+  @{bin}/{c,k,tc,z}sh         rUx,
 
   /etc/shadow r,
 
+  @{PROC}/consoles r,
+
   /dev/ r,
   /dev/tty@{int} rw,
 
-  @{PROC}/consoles r,
-
   include if exists <local/sulogin>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/syncthing b/apparmor.d/profiles-s-z/syncthing
index 4363bdba..28d4e6b6 100644
--- a/apparmor.d/profiles-s-z/syncthing
+++ b/apparmor.d/profiles-s-z/syncthing
@@ -21,7 +21,7 @@ profile syncthing @{exec_path} {
 
   @{exec_path} mrix,
 
-  @{bin}/xdg-open  rCx -> open,
+  @{bin}/xdg-open  rPx -> child-open,
   @{bin}/ip        rix,
 
   /usr/share/mime/{,*} r,
@@ -41,27 +41,5 @@ profile syncthing @{exec_path} {
   @{PROC}/sys/net/core/somaxconn r,
   @{PROC}/@{pids}/net/route r,
 
-  profile open {
-    include <abstractions/base>
-    include <abstractions/xdg-open>
-
-    @{bin}/xdg-open mr,
-
-    @{bin}/{,ba,da}sh      rix,
-    @{bin}/{m,g,}awk       rix,
-    @{bin}/readlink        rix,
-    @{bin}/basename        rix,
-
-    owner @{HOME}/ r,
-    owner @{run}/user/@{uid}/ r,
-
-    # Allowed apps to open
-    @{bin}/firefox          rPx,
-    @{lib}/firefox/firefox  rPx,
-
-    # file_inherit
-    owner @{HOME}/.xsession-errors w,
-  }
-
   include if exists <local/syncthing>
 }
diff --git a/apparmor.d/profiles-s-z/w b/apparmor.d/profiles-s-z/w
index f9b61886..ea1cc831 100644
--- a/apparmor.d/profiles-s-z/w
+++ b/apparmor.d/profiles-s-z/w
@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2021 Mikhail Morfikov
-#               2021 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -23,12 +23,15 @@ profile w @{exec_path} {
   @{sys}/devices/system/node/ r,
   @{sys}/devices/system/node/node@{int}/meminfo r,
 
+  @{run}/systemd/sessions/ r,
+  @{run}/systemd/sessions/@{int} r,
+
   @{PROC}/ r,
-  @{PROC}/uptime r,
-  @{PROC}/sys/kernel/osrelease r,
-  @{PROC}/loadavg r,
-  @{PROC}/@{pids}/stat r,
   @{PROC}/@{pids}/cmdline r,
+  @{PROC}/@{pids}/stat r,
+  @{PROC}/loadavg r,
+  @{PROC}/sys/kernel/osrelease r,
+  @{PROC}/uptime r,
 
   include if exists <local/w>
 }