diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client
index 9be59537..eeb05f26 100644
--- a/apparmor.d/abstractions/audio-client
+++ b/apparmor.d/abstractions/audio-client
@@ -22,6 +22,12 @@
 /etc/pulse/client.conf.d/{,**} r,
 /etc/wildmidi/wildmidi.cfg r,
+ owner @{desktop_cache_dirs}/event-sound-cache.tdb.@{md5}.@{multiarch} rwk, # libcanberra
+ owner @{desktop_config_dirs}/pulse/ rw,
+ owner @{desktop_config_dirs}/pulse/client.conf r,
+ owner @{desktop_config_dirs}/pulse/client.conf.d/{,*.conf} r,
+ owner @{desktop_config_dirs}/pulse/cookie rwk,
+ owner @{HOME}/.alsoftrc r,
 owner @{HOME}/.asoundrc r,
 owner @{HOME}/.libao r,
diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon
index 17a8ae37..bcb4d753 100644
--- a/apparmor.d/groups/gnome/goa-daemon
+++ b/apparmor.d/groups/gnome/goa-daemon
@@ -37,10 +37,10 @@ profile goa-daemon @{exec_path} {
 @{exec_path} mr,
- /var/lib/gdm{3,}/.config/dconf/user r,
+ @{gdm_config_dirs}/dconf/user r,
- owner /var/lib/gdm{3,}/.config/ w,
- owner /var/lib/gdm{3,}/.config/goa-1.0/ w,
+ owner @{gdm_config_dirs}/ w,
+ owner @{gdm_config_dirs}/goa-1.0/ w,
 owner @{user_config_dirs}/goa-1.0/ rw,
 owner @{user_config_dirs}/goa-1.0/accounts.conf* rw,
diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings
index a002792e..c92c082c 100644
--- a/apparmor.d/groups/gnome/gsd-a11y-settings
+++ b/apparmor.d/groups/gnome/gsd-a11y-settings
@@ -28,8 +28,8 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ @{gdm_config_dirs}/dconf/user r,
+ @{GDM_HOME}/greeter-dconf-defaults r,
 owner /dev/tty@{int} rw,
diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color
index e1c48c45..b7e021dd 100644
--- a/apparmor.d/groups/gnome/gsd-color
+++ b/apparmor.d/groups/gnome/gsd-color
@@ -39,11 +39,10 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
 /etc/timezone r,
- /var/lib/flatpak/exports/share/mime/mime.cache r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.local/share/icc/ rw,
- /var/lib/gdm{3,}/.local/share/icc/edid-*.icc rw,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
+ owner @{gdm_share_dirs}/icc/ rw,
+ owner @{gdm_share_dirs}/icc/edid-*.icc rw,
 owner @{user_share_dirs}/icc/ rw,
 owner @{user_share_dirs}/icc/edid-*.icc rw,
diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime
index 047e5229..b5745014 100644
--- a/apparmor.d/groups/gnome/gsd-datetime
+++ b/apparmor.d/groups/gnome/gsd-datetime
@@ -29,8 +29,8 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
 /usr/share/gnome-settings-daemon/datetime/backward r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
 owner @{user_cache_dirs}/geocode-glib/* r,
diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping
index 0545fdd9..e79ad3c4 100644
--- a/apparmor.d/groups/gnome/gsd-housekeeping
+++ b/apparmor.d/groups/gnome/gsd-housekeeping
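Review bot: `owner @{GDM_HOME}/greeter-dconf-defaults r,` only matches when the file's owner is the uid the process runs as, and greeter-dconf-defaults under the gdm home is usually produced by package maintainer scripts rather than by the gdm user, so if it is root-owned the greeter-session gsd-color loses a read it had before — please verify the ownership on a real install. The same `owner`-qualified read is introduced in gsd-datetime, gsd-housekeeping, gsd-keyboard, gsd-media-keys, gsd-power, gsd-sharing, gsd-smartcard, gsd-sound, gsd-wacom, gsd-xsettings, mutter-x11-frames, tracker-extract and tracker-miner, while gsd-a11y-settings and goa-daemon keep the gdm paths unqualified; pick one convention and, if `owner` is kept, record why it is safe with a comment such as `# file is owned by the gdm user, so owner is safe`. This hunk also drops `/var/lib/flatpak/exports/share/mime/mime.cache r,` with no replacement, which is unrelated to the gdm-variable refactor; gsd-media-keys and tracker-extract remove flatpak rules the same way, and the commit message should say why those reads are no longer needed.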
@@ -34,9 +34,9 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.local/share/applications/ w,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner@{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
+ owner @{gdm_share_dirs}/applications/ w,
 owner @{user_cache_dirs}/thumbnails/{,**} rw,
 owner @{user_share_dirs}/applications/ rw,
diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard
index b34a984e..c1207995 100644
--- a/apparmor.d/groups/gnome/gsd-keyboard
+++ b/apparmor.d/groups/gnome/gsd-keyboard
@@ -30,9 +30,9 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
 /usr/share/dconf/profile/gdm r,
 /usr/share/gdm/greeter-dconf-defaults r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
- /var/lib/gdm{3,}/.config/.gsd-keyboard.settings-ported* rw,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/.gsd-keyboard.settings-ported* rw,
+ owner @{gdm_config_dirs}/dconf/user r,
 owner @{user_config_dirs}/.gsd-keyboard.settings-ported* rw,
 owner @{user_share_dirs}/gnome-settings-daemon/{,input-sources*} rw,
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys
index 7b12d776..81f816e9 100644
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
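Review bot: `owner@{GDM_HOME}/greeter-dconf-defaults r,` in the gsd-housekeeping hunk is missing the space after `owner`, so the parser does not see an `owner` qualifier followed by a path; the first token starts with `o` instead of `/` or `@{`, which apparmor_parser will most likely reject and thereby refuse to load the whole gsd-housekeeping profile. Change it to `owner @{GDM_HOME}/greeter-dconf-defaults r,`, matching the sibling hunks. Running the modified profiles through `apparmor_parser -Q` (or the project's check target) before merging would catch this class of typo.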
@@ -90,12 +90,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/sounds/freedesktop/stereo/*.oga r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.config/pulse/client.conf r,
- /var/lib/gdm{3,}/.config/pulse/cookie rk,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
-
- /var/lib/flatpak/exports/share/applications/{,mimeinfo.cache} r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
 owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index a893b9d9..77197f7a 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@@ -56,12 +56,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
 /usr/share/dconf/profile/gdm r,
 /usr/share/gdm/greeter-dconf-defaults r,
- /var/lib/gdm{3,}/.config/pulse/ rw,
- /var/lib/gdm{3,}/.config/pulse/cookie rwk,
- /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.config/pulse/client.conf r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
 @{run}/udev/data/+backlight:* r,
 @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing
index 640e9bf4..846e771d 100644
--- a/apparmor.d/groups/gnome/gsd-sharing
+++ b/apparmor.d/groups/gnome/gsd-sharing
@@ -35,8 +35,8 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
 @{run}/systemd/sessions/* r,
 @{run}/systemd/users/@{uid} r,
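Review bot: The gsd-power hunk removes `/var/lib/gdm{3,}/.config/dconf/user r,` and adds only the greeter-dconf-defaults read, whereas every other gsd-* hunk in this commit replaces that line with `owner @{gdm_config_dirs}/dconf/user r,`; unless an abstraction included by gsd-power already grants it, the greeter session's dconf database read would now be denied. Add `owner @{gdm_config_dirs}/dconf/user r,` next to the new line. The pulse and event-sound-cache removals look intentional given the audio-client abstraction change at the top of this commit, but that is an inference the commit message should confirm.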
diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard
index fc330bd7..4a5271c7 100644
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@@ -32,8 +32,8 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
 /etc/opensc.conf r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
 /var/tmp/ r,
 /tmp/ r,
diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound
index 9d81f9f4..c15c7033 100644
--- a/apparmor.d/groups/gnome/gsd-sound
+++ b/apparmor.d/groups/gnome/gsd-sound
@@ -30,9 +30,9 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /var/lib/gdm{3,}/.local/share/sounds/ rw,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
+ owner @{gdm_share_dirs}/sounds/ rw,
 owner @{user_share_dirs}/sounds/ rw,
diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom
index 7bfee223..a4771159 100644
--- a/apparmor.d/groups/gnome/gsd-wacom
+++ b/apparmor.d/groups/gnome/gsd-wacom
@@ -29,8 +29,8 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/libwacom/{,*} r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{gdm_config_dirs}/dconf/user r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
 owner /dev/tty@{int} rw,
diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings
index 607c5aaa..eb14882f 100644
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@@ -62,9 +62,9 @@ profile gsd-xsettings @{exec_path} {
 @{etc_ro}/xdg/Xwayland-session.d/ r,
 @{etc_ro}/xdg/Xwayland-session.d/* rix,
- /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm3/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
+ owner @{gdm_config_dirs}/dconf/user r,
 @{run}/systemd/sessions/* r,
 @{run}/systemd/users/@{uid} r,
diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames
index 8a49cec4..932c978a 100644
--- a/apparmor.d/groups/gnome/mutter-x11-frames
+++ b/apparmor.d/groups/gnome/mutter-x11-frames
@@ -22,9 +22,9 @@ profile mutter-x11-frames @{exec_path} flags=(attach_disconnected) {
 /usr/share/dconf/profile/gdm r,
 /usr/share/gdm/greeter-dconf-defaults r,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
+ owner @{gdm_config_dirs}/dconf/user r,
 @{sys}/devices/@{pci}/boot_vga r,
diff --git a/apparmor.d/groups/gnome/session-migration b/apparmor.d/groups/gnome/session-migration
index f9bc0213..df75bf64 100644
--- a/apparmor.d/groups/gnome/session-migration
+++ b/apparmor.d/groups/gnome/session-migration
@@ -14,9 +14,8 @@ profile session-migration @{exec_path} {
 /usr/share/session-migration/{,**} r,
- /var/lib/gdm{3,}/.local/share/session_migration-* r,
-
- owner @{user_share_dirs}/session_migration-ubuntu rw,
+ owner @{gdm_share_dirs}/session_migration-* rw,
+ owner @{user_share_dirs}/session_migration-* rw,
 include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index 9f00a3d8..92612cf3 100644
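Review bot: In the session-migration hunk, `owner @{gdm_share_dirs}/session_migration-* rw,` widens the previous `r` on the gdm copy to `rw`, and `owner @{user_share_dirs}/session_migration-* rw,` widens the old `session_migration-ubuntu` to every `session_migration-*` file; both are permission increases folded into what is otherwise a variable refactor. If session-migration really rewrites those marker files under the gdm home, a one-line comment on the rule saying so would help, otherwise keep `r` for `@{gdm_share_dirs}` as before. The `owner` qualifier at least bounds the new write to files the session's uid owns.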
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -49,19 +49,17 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
 /etc/blkid.conf r,
 /etc/fstab r,
- /var/lib/gdm{3,}/.cache/ rw,
- /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
- /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
- /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
- /var/lib/gdm{3,}/.cache/tracker3/{,**} rw,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
-
- /var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} r,
- /var/lib/flatpak/exports/share/applications/mimeinfo.cache r,
 /var/lib/flatpak/exports/share/mime/mime.cache r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_cache_dirs}/ rw,
+ owner @{gdm_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
+ owner @{gdm_cache_dirs}/gstreamer-1.0/ rw,
+ owner @{gdm_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
+ owner @{gdm_cache_dirs}/tracker3/{,**} rw,
+ owner @{gdm_config_dirs}/dconf/user r,
+
 # Allow to search user files
 owner @{HOME}/{,**} r,
 owner @{MOUNTS}/{,**} r,
diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner
index c0e4d693..a3cbb93b 100644
--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
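Review bot: The removed `/var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} r,` has no counterpart among the new lines, which all use `@{GDM_HOME}` or `@{gdm_cache_dirs}`; unless those variables also expand to the lightdm home (their definition is not part of this diff), tracker-extract running in a LightDM greeter session loses that read. The tracker-miner hunk drops its three `/var/lib/lightdm/...` rules the same way. Either extend the variable definitions to cover lightdm or keep explicit lightdm rules, and state the decision in the commit message so the removal is not mistaken for an oversight.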
@@ -47,16 +47,12 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
 /var/lib/flatpak/exports/share/applications/{,mimeinfo.cache} r,
 /var/lib/snapd/desktop/applications/{,mimeinfo.cache} r,
- /var/lib/gdm{3,}/ r,
- /var/lib/gdm{3,}/.cache/gstreamer-*/registry.*.bin r,
- /var/lib/gdm{3,}/.cache/tracker3/{,tracker3/}files/{,**} rwk,
- /var/lib/gdm{3,}/.config/dconf/user r,
- /var/lib/gdm{3,}/.local/share/applications/ r,
- /var/lib/gdm{3,}/greeter-dconf-defaults r,
-
- /var/lib/lightdm/.config/dconf/user r,
- /var/lib/lightdm/.cache/tracker3/files/meta.db{,-wal} rwk,
- /var/lib/lightdm/.cache/tracker3/files/no-need-mtime-check.txt{,.@{rand6}} rw,
+ owner @{GDM_HOME}/ r,
+ owner @{GDM_HOME}/greeter-dconf-defaults r,
+ owner @{gdm_cache_dirs}/gstreamer-*/registry.*.bin r,
+ owner @{gdm_cache_dirs}/tracker3/{,tracker3/}files/{,**} rwk,
+ owner @{gdm_config_dirs}/dconf/user r,
+ owner @{gdm_share_dirs}/applications/ r,
 owner /var/tmp/etilqs_@{hex} rw,