diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
index 985c4355..e57eca1a 100644
--- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
+++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
@@ -81,7 +81,6 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
 
   #include <abstractions/audio>
   #include <abstractions/bash>
-  #include <abstractions/consoles>
   #include <abstractions/cups-client>
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
@@ -152,6 +151,8 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
   /usr/bin/kgpg                         rix,
   /usr/bin/kleopatra                    rix,
 
+  /dev/tty                              rw,
+
   /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner   rmPUx,
   owner @{user_cache_dirs}/gstreamer-???/**                                 rw,
   unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),  #Gstreamer doesn't work without this
diff --git a/apparmor.d/groups/apt/apt-mark b/apparmor.d/groups/apt/apt-mark
index 79e3285a..5fd24129 100644
--- a/apparmor.d/groups/apt/apt-mark
+++ b/apparmor.d/groups/apt/apt-mark
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/apt-mark
 profile apt-mark @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/apt-common>
 
   @{exec_path} mr,
@@ -26,5 +25,7 @@ profile apt-mark @{exec_path} {
   /var/cache/apt/ r,
   /var/cache/apt/** rwk,
 
+  /dev/pts/[0-9]* rw,
+
   include if exists <local/apt-mark>
 }
diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session
index 49d79c73..4becf5e7 100644
--- a/apparmor.d/groups/bus/dbus-run-session
+++ b/apparmor.d/groups/bus/dbus-run-session
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/dbus-run-session
 profile dbus-run-session @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dconf-write>
 
   signal (receive) set=(term, kill, hup) peer=gdm*,
@@ -32,6 +31,9 @@ profile dbus-run-session @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
+  # file_inherit
+  /dev/tty rw,
+  /dev/tty[0-9]* rw,
 
   include if exists <local/dbus-run-session>
 }
diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache
index f0fb0c23..9736bc75 100644
--- a/apparmor.d/groups/freedesktop/fc-cache
+++ b/apparmor.d/groups/freedesktop/fc-cache
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*}
 profile fc-cache @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/fonts>
   include <abstractions/fontconfig-cache-write>
 
diff --git a/apparmor.d/groups/freedesktop/plymouth b/apparmor.d/groups/freedesktop/plymouth
index 059df5a3..67473227 100644
--- a/apparmor.d/groups/freedesktop/plymouth
+++ b/apparmor.d/groups/freedesktop/plymouth
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/plymouth
 profile plymouth @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   unix (send, receive, connect) type=stream peer=(addr="@/org/freedesktop/plymouthd"),
 
diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime
index 1cf27d71..bbc1eee6 100644
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xdg-mime
 profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/freedesktop.org>
 
   @{exec_path} r,
@@ -48,6 +47,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
 
   /dev/dri/card[0-9]* rw,
+  /dev/tty rw,
 
   # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two
   # following root processes:
diff --git a/apparmor.d/groups/freedesktop/xdg-open b/apparmor.d/groups/freedesktop/xdg-open
index a1030197..d6ddceae 100644
--- a/apparmor.d/groups/freedesktop/xdg-open
+++ b/apparmor.d/groups/freedesktop/xdg-open
@@ -50,6 +50,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
 
   # file_inherit
   /dev/dri/card[0-9]* rw,
+  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>
diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp
index 0d3882c7..5143346a 100644
--- a/apparmor.d/groups/freedesktop/xkbcomp
+++ b/apparmor.d/groups/freedesktop/xkbcomp
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/xkbcomp
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
   unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
@@ -33,6 +32,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   owner /tmp/server-[0-9]*.xkm rwk,
 
   /dev/dri/card[0-9]* rw,
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
   
   deny /dev/input/event[0-9]* rw,
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index d51cc907..090e2ee8 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -13,7 +13,6 @@ include <tunables/global>
 @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap}
 profile xorg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
@@ -132,6 +131,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   /dev/input/event[0-9]* rw,
   /dev/shm/#[0-9]*[0-9] rw,
   /dev/shm/shmfd-* rw,
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
   /dev/vga_arbiter rw,  # Graphic card modules
 
diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland
index 429f076d..701a0de2 100644
--- a/apparmor.d/groups/freedesktop/xwayland
+++ b/apparmor.d/groups/freedesktop/xwayland
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path}  = /{usr/,}bin/Xwayland
 profile xwayland @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
   include <abstractions/mesa>
@@ -42,6 +41,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/comm r,
 
   /dev/tty[0-9]* rw,
+  /dev/tty rw,
 
   include if exists <local/xwayland>
 }
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 6604d117..548b699f 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gdm-session-worker
 profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/authentication>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
@@ -88,6 +87,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
         @{PROC}/1/limits r,
         @{PROC}/keys r,
 
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <local/gdm-session-worker>
diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession
index 553ad6af..5f3e7745 100644
--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@@ -43,6 +43,7 @@ profile gdm-xsession @{exec_path} {
     /{usr/,}bin/dbus-update-activation-environment mr,
 
     # file_inherit
+    /dev/tty rw,
     /dev/tty[0-9]* rw,
     owner @{HOME}/.xsession-errors w,
   }
diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console
index 642a0fed..fe4e1f9d 100644
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path}  = /{usr/,}bin/gjs-console
 profile gjs-console @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
@@ -59,6 +58,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/stat r,
 
   /dev/ r,
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <local/gjs-console>
diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app
index d0ee1f70..d4f5d0bc 100644
--- a/apparmor.d/groups/gnome/gnome-extensions-app
+++ b/apparmor.d/groups/gnome/gnome-extensions-app
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/gnome-extensions-app
 profile gnome-extensions-app @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -18,6 +17,7 @@ profile gnome-extensions-app @{exec_path} {
 
   /usr/share/terminfo/x/xterm-256color r,
 
+  /dev/tty rw,
 
   include if exists <local/gnome-extensions-app>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index 14605070..6362ac80 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gnome-session-binary
 profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -142,6 +141,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
         @{PROC}/@{pid}/cgroup r,
         @{PROC}/cmdline r,
 
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   include if exists <usr/gnome-session-binary.d>
diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings
index 24934907..2192ebae 100644
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = @{libexec}/gsd-xsettings
 profile gsd-xsettings @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-session-strict>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -71,6 +70,7 @@ profile gsd-xsettings @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
+  /dev/tty rw,
   /dev/tty[0-9]* rw,
 
   profile run-parts {
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index d0364baf..c612512d 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/nautilus
 profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/app-launcher-user>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
@@ -62,6 +61,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/mountinfo r,
         @{PROC}/@{pids}/net/wireless r,
 
+  /dev/tty rw,
   /dev/dri/card[0-9]* rw,
 
   include if exists <local/nautilus>
diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui
index fb6d2b89..79373460 100644
--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = "/opt/Mullvad VPN/mullvad-gui"
 profile mullvad-gui @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
   include <abstractions/dri-common>
@@ -70,6 +69,7 @@ profile mullvad-gui @{exec_path} {
   owner @{PROC}/@{pid}/task/@{tid}/status r,
   owner @{PROC}/@{pid}/uid_map w,
 
+  /dev/tty rw,
 
   include if exists <local/mullvad-gui>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/network/nm-openvpn-service b/apparmor.d/groups/network/nm-openvpn-service
index 8d1e0a4c..3676d643 100644
--- a/apparmor.d/groups/network/nm-openvpn-service
+++ b/apparmor.d/groups/network/nm-openvpn-service
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/nm-openvpn-service
 profile nm-openvpn-service @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability kill,
@@ -28,6 +27,7 @@ profile nm-openvpn-service @{exec_path} {
   @{run}/NetworkManager/nm-openvpn-@{uuid} rw,
 
   /dev/net/tun rw,
+  /dev/tty rw,
 
   owner @{PROC}/@{pid}/fd/ r,
 
diff --git a/apparmor.d/groups/network/wg-quick b/apparmor.d/groups/network/wg-quick
index 54a9e364..06ccb7d6 100644
--- a/apparmor.d/groups/network/wg-quick
+++ b/apparmor.d/groups/network/wg-quick
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/wg-quick
 profile wg-quick @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability net_admin,
 
@@ -40,6 +39,7 @@ profile wg-quick @{exec_path} {
 
   @{PROC}/sys/net/ipv4/conf/all/src_valid_mark w,
 
+  /dev/tty rw,
 
   # Force the use as root
   deny /{usr/,}bin/sudo x,
diff --git a/apparmor.d/groups/pacman/archlinux-java b/apparmor.d/groups/pacman/archlinux-java
index 6a433d46..06802b1f 100644
--- a/apparmor.d/groups/pacman/archlinux-java
+++ b/apparmor.d/groups/pacman/archlinux-java
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/archlinux-java
 profile archlinux-java @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -26,6 +25,7 @@ profile archlinux-java @{exec_path} {
   /{usr/,}lib/jvm/default w,
   /{usr/,}lib/jvm/default-runtime w,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/paccache b/apparmor.d/groups/pacman/paccache
index d592fffd..2dd92c43 100644
--- a/apparmor.d/groups/pacman/paccache
+++ b/apparmor.d/groups/pacman/paccache
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/paccache
 profile paccache @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -36,6 +35,7 @@ profile paccache @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
 
+  /dev/tty rw,
 
   include if exists <local/paccache>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/pacman/pacdiff b/apparmor.d/groups/pacman/pacdiff
index dd32a244..2ab10645 100644
--- a/apparmor.d/groups/pacman/pacdiff
+++ b/apparmor.d/groups/pacman/pacdiff
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pacdiff
 profile pacdiff @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -37,6 +36,7 @@ profile pacdiff @{exec_path} flags=(attach_disconnected) {
   /usr/{,**} r,
   /var/{,**} r,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny /apparmor/.null rw,
diff --git a/apparmor.d/groups/pacman/pacman-hook-dconf b/apparmor.d/groups/pacman/pacman-hook-dconf
index 431f84fb..a4f0d2fa 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dconf
+++ b/apparmor.d/groups/pacman/pacman-hook-dconf
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/dconf-update
 profile pacman-hook-dconf @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -21,6 +20,7 @@ profile pacman-hook-dconf @{exec_path} {
 
   /etc/dconf/db/{,**} rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-depmod b/apparmor.d/groups/pacman/pacman-hook-depmod
index bab25a9c..bee1028f 100644
--- a/apparmor.d/groups/pacman/pacman-hook-depmod
+++ b/apparmor.d/groups/pacman/pacman-hook-depmod
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/depmod
 profile pacman-hook-depmod @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -24,6 +23,7 @@ profile pacman-hook-depmod @{exec_path} {
 
   /usr/lib/modules/*/{,**} rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-dkms b/apparmor.d/groups/pacman/pacman-hook-dkms
index 4ef5907a..4bc084b5 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dkms
+++ b/apparmor.d/groups/pacman/pacman-hook-dkms
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/dkms
 profile pacman-hook-dkms @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -28,6 +27,7 @@ profile pacman-hook-dkms @{exec_path} {
 
   /etc/dkms/{,*} r,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-fontconfig b/apparmor.d/groups/pacman/pacman-hook-fontconfig
index ae89d40e..38166f03 100644
--- a/apparmor.d/groups/pacman/pacman-hook-fontconfig
+++ b/apparmor.d/groups/pacman/pacman-hook-fontconfig
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/40-fontconfig-config
 profile pacman-hook-fontconfig @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -22,6 +21,7 @@ profile pacman-hook-fontconfig @{exec_path} {
   /etc/fonts/conf.d/* rwl,
   /usr/share/fontconfig/conf.default/* r,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-gio b/apparmor.d/groups/pacman/pacman-hook-gio
index d61c49b0..b748c39c 100644
--- a/apparmor.d/groups/pacman/pacman-hook-gio
+++ b/apparmor.d/groups/pacman/pacman-hook-gio
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/gio-querymodules
 profile pacman-hook-gio @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -24,6 +23,7 @@ profile pacman-hook-gio @{exec_path} {
 
   /usr/lib/gio/modules/ rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-gtk b/apparmor.d/groups/pacman/pacman-hook-gtk
index 7b5fe2e8..e110ded4 100644
--- a/apparmor.d/groups/pacman/pacman-hook-gtk
+++ b/apparmor.d/groups/pacman/pacman-hook-gtk
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/gtk-update-icon-cache
 profile pacman-hook-gtk @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -24,6 +23,7 @@ profile pacman-hook-gtk @{exec_path} {
 
   /usr/share/icons/{,**} rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
index ac186b9f..f18699b9 100644
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-install
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-install
 profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -33,6 +32,7 @@ profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected)
   / r,
   owner /boot/vmlinuz-* rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
index b425fc93..2280c274 100644
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio-remove
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-remove
 profile pacman-hook-mkinitcpio-remove @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -29,6 +28,7 @@ profile pacman-hook-mkinitcpio-remove @{exec_path} {
   /boot/initramfs-*.img rw,
   /boot/initramfs-*-fallback.img rw,
 
+  /dev/tty rw,
 
   # Inherit Silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl
index 99f936a4..b18a6005 100644
--- a/apparmor.d/groups/pacman/pacman-hook-perl
+++ b/apparmor.d/groups/pacman/pacman-hook-perl
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/detect-old-perl-modules.sh
 profile pacman-hook-perl @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
   capability mknod,
@@ -24,6 +23,7 @@ profile pacman-hook-perl @{exec_path} {
 
   /{usr/,}lib/perl[0-9]*/{,**} r,
 
+  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-hook-systemd b/apparmor.d/groups/pacman/pacman-hook-systemd
index 6a4de335..b41e0a52 100644
--- a/apparmor.d/groups/pacman/pacman-hook-systemd
+++ b/apparmor.d/groups/pacman/pacman-hook-systemd
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/systemd-hook
 profile pacman-hook-systemd @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -30,6 +29,7 @@ profile pacman-hook-systemd @{exec_path} {
 
   /usr/ rw,
 
+  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/groups/pacman/pacman-key b/apparmor.d/groups/pacman/pacman-key
index 7cc79722..3f427b9a 100644
--- a/apparmor.d/groups/pacman/pacman-key
+++ b/apparmor.d/groups/pacman/pacman-key
@@ -35,6 +35,7 @@ profile pacman-key @{exec_path} {
 
   /etc/pacman.d/gnupg/gpg.conf r,
 
+  /dev/tty rw,
 
   profile gpg {
     include <abstractions/base>
diff --git a/apparmor.d/groups/systemd/systemd-analyze b/apparmor.d/groups/systemd/systemd-analyze
index a59ecdd3..1f061307 100644
--- a/apparmor.d/groups/systemd/systemd-analyze
+++ b/apparmor.d/groups/systemd/systemd-analyze
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/systemd-analyze
 profile systemd-analyze @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/systemd-common>
 
@@ -74,5 +73,8 @@ profile systemd-analyze @{exec_path} {
   owner @{PROC}/@{pid}/comm r,
         @{PROC}/swaps r,
 
+  /dev/tty rw,
+  /dev/pts/1 rw,
+
   include if exists <local/systemd-analyze>
 }
diff --git a/apparmor.d/groups/systemd/systemd-environment-d-generator b/apparmor.d/groups/systemd/systemd-environment-d-generator
index 6b3ef2f9..e007b6dc 100644
--- a/apparmor.d/groups/systemd/systemd-environment-d-generator
+++ b/apparmor.d/groups/systemd/systemd-environment-d-generator
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/systemd/user-environment-generators/*
 profile systemd-environment-d-generator @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/systemd-common>
   include <abstractions/nameservice-strict>
 
@@ -25,6 +24,7 @@ profile systemd-environment-d-generator @{exec_path} {
 
   owner @{user_config_dirs}/environment.d/{,*.conf} r,
 
+  /dev/tty rw,
 
   include if exists <local/systemd-environment-d-generator>
 }
diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep
index fb8fab89..f2337965 100644
--- a/apparmor.d/groups/systemd/systemd-sleep
+++ b/apparmor.d/groups/systemd/systemd-sleep
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/systemd/systemd-sleep
 profile systemd-sleep @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
   include <abstractions/systemd-common>
 
@@ -30,6 +29,7 @@ profile systemd-sleep @{exec_path} {
 
   @{PROC}/driver/nvidia/suspend w,
 
+  /dev/tty rw,
 
   include if exists <local/systemd-sleep>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s
index a370a512..1a5e667e 100644
--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{local/,}bin/k3s
 profile k3s @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/disks-read>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
@@ -168,6 +167,7 @@ profile k3s @{exec_path} {
   @{sys}/module/apparmor/parameters/enabled r,
 
   /dev/kmsg r,
+  /dev/pts/[0-9]* rw,
 
   include if exists <local/k3s>
 }
diff --git a/apparmor.d/profiles-a-f/acpid b/apparmor.d/profiles-a-f/acpid
index 486c40a9..8074ef09 100644
--- a/apparmor.d/profiles-a-f/acpid
+++ b/apparmor.d/profiles-a-f/acpid
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/acpid
 profile acpid @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -34,6 +33,7 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pids}/loginuid r,
 
   /dev/input/{,**} r,
+  /dev/tty rw,
 
   include if exists <local/acpid>
 }
diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd
index d3ef9890..a40c4249 100644
--- a/apparmor.d/profiles-a-f/apparmor.systemd
+++ b/apparmor.d/profiles-a-f/apparmor.systemd
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/apparmor/apparmor.systemd
 profile apparmor.systemd @{exec_path} flags=(complain) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability mac_admin,
@@ -42,6 +41,7 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   @{PROC}/filesystems r,
   @{PROC}/mounts r,
 
+  /dev/tty rw,
 
   include if exists <local/apparmor.systemd>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/askpass b/apparmor.d/profiles-a-f/askpass
index da82ec52..67938a92 100644
--- a/apparmor.d/profiles-a-f/askpass
+++ b/apparmor.d/profiles-a-f/askpass
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/code/extensions/git/dist/askpass.sh
 profile askpass @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   network inet dgram,
   network inet6 dgram,
@@ -26,6 +25,7 @@ profile askpass @{exec_path} {
 
   owner /tmp/tmp.* rw,
 
+  /dev/tty rw,
 
   include if exists <local/askpass>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/augenrules b/apparmor.d/profiles-a-f/augenrules
index 211a5e0d..f7356dd0 100644
--- a/apparmor.d/profiles-a-f/augenrules
+++ b/apparmor.d/profiles-a-f/augenrules
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/augenrules
 profile augenrules @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -20,6 +19,7 @@ profile augenrules @{exec_path} {
 
   owner /tmp/aurules.* rw,
 
+  /dev/tty rw,
 
   include if exists <local/augenrules>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/aurpublish b/apparmor.d/profiles-a-f/aurpublish
index 978f97ba..879199f5 100644
--- a/apparmor.d/profiles-a-f/aurpublish
+++ b/apparmor.d/profiles-a-f/aurpublish
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /usr/share/aurpublish/*.hook
 profile aurpublish @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   signal (receive) peer=git,
 
@@ -26,6 +25,7 @@ profile aurpublish @{exec_path} {
   owner @{user_projects_dirs}/**/.SRCINFO rw,
   owner @{user_projects_dirs}/**/PKGBUILD r,
 
+  /dev/tty rw,
 
   include if exists <local/aurpublish>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman
index 609b7553..362666f7 100644
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/blueman-*
 profile blueman @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/audio>
   include <abstractions/dconf-write>
   include <abstractions/fontconfig-cache-read>
@@ -68,6 +67,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
   /dev/dri/card[0-9]* rw,
   /dev/rfkill r,
   /dev/shm/ r,
+  /dev/tty rw,
 
   profile open {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince
index 7768dffe..0190d419 100644
--- a/apparmor.d/profiles-a-f/evince
+++ b/apparmor.d/profiles-a-f/evince
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/evince /{usr/,}lib/evinced
 profile evince @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dconf-write>
   include <abstractions/gnome>
   include <abstractions/openssl>
@@ -41,6 +40,7 @@ profile evince @{exec_path} {
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
 
+  /dev/tty rw,
 
   include if exists <local/evince>
 }
diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg
index 359095a9..55963c46 100644
--- a/apparmor.d/profiles-a-f/firecfg
+++ b/apparmor.d/profiles-a-f/firecfg
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/firecfg
 profile firecfg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -35,6 +34,7 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
   @{user_share_dirs}/applications/ r,
   @{user_share_dirs}/applications/*.desktop rw,
 
+  /dev/tty rw,
 
   deny /apparmor/.null rw,
 
diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr
index 54e3f66e..5d5c558e 100644
--- a/apparmor.d/profiles-a-f/fwupdmgr
+++ b/apparmor.d/profiles-a-f/fwupdmgr
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/fwupdmgr
 profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/nameservice-strict>
@@ -66,6 +65,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
 
   owner @{PROC}/@{pid}/fd/ r,
 
+  /dev/tty rw,
 
   profile dbus {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-g-l/install-info b/apparmor.d/profiles-g-l/install-info
index f54441c1..a541546c 100644
--- a/apparmor.d/profiles-g-l/install-info
+++ b/apparmor.d/profiles-g-l/install-info
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/install-info
 profile install-info @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   capability dac_read_search,
 
@@ -21,6 +20,8 @@ profile install-info @{exec_path} {
   /usr/share/info/{,**} r,
   /usr/share/info/dir rw,
 
+  /dev/tty rw,
+
   # Inherit silencer
   deny network inet6 stream,
   deny network inet stream,
diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs
index 723a7480..b1332233 100644
--- a/apparmor.d/profiles-m-r/mount-zfs
+++ b/apparmor.d/profiles-m-r/mount-zfs
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/mount.zfs
 profile mount-zfs @{exec_path} flags=(complain) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,
@@ -17,6 +16,8 @@ profile mount-zfs @{exec_path} flags=(complain) {
 
   @{exec_path} mr,
 
+  /dev/pts/[0-9]* rw,
+
   @{MOUNTDIRS}/ r,
   @{MOUNTS}/ r,
   @{MOUNTS}/*/ r,
diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
index d4df0d2b..17a723e0 100644
--- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
+++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/needrestart/iucode-scan-versions
 profile needrestart-iucode-scan-versions @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -30,6 +29,7 @@ profile needrestart-iucode-scan-versions @{exec_path} {
  
   @{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r,
 
+  /dev/tty rw,
 
   include if exists <local/needrestart-iucode-scan-versions>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass
index 366584a8..b701b02b 100644
--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pass
 profile pass @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -66,6 +65,7 @@ profile pass @{exec_path} {
   @{PROC}/sys/kernel/osrelease r,
   @{PROC}/uptime r,
 
+  /dev/tty rw,
 
   profile editor {
     include <abstractions/base>
diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent
index 148e25e5..fb894967 100644
--- a/apparmor.d/profiles-m-r/pkttyagent
+++ b/apparmor.d/profiles-m-r/pkttyagent
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pkttyagent
 profile pkttyagent @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
@@ -40,6 +39,7 @@ profile pkttyagent @{exec_path} {
 
   owner @{PROC}/@{pids}/stat r,
 
+  /dev/tty rw,
 
   include if exists <local/pkttyagent>
 }
diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf
index 37efaada..d5b5fdb8 100644
--- a/apparmor.d/profiles-m-r/resolvconf
+++ b/apparmor.d/profiles-m-r/resolvconf
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}sbin/resolvconf
 profile resolvconf @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
@@ -34,6 +33,7 @@ profile resolvconf @{exec_path} {
   owner @{run}/resolvconf/{,**} rw,
   owner @{run}/resolvconf/run-lock wk,
 
+  /dev/tty rw,
 
   include if exists <local/resolvconf>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/start-pulseaudio-x11 b/apparmor.d/profiles-s-z/start-pulseaudio-x11
index c14b8fa5..de71e9f4 100644
--- a/apparmor.d/profiles-s-z/start-pulseaudio-x11
+++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11
@@ -9,13 +9,13 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/start-pulseaudio-x11
 profile start-pulseaudio-x11 @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   @{exec_path} mr,
 
   /{usr/,}bin/{,ba,da}sh rix,
   /{usr/,}bin/pactl      rPx,
 
+  /dev/tty rw,
 
   include if exists <local/start-pulseaudio-x11>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/udisksctl b/apparmor.d/profiles-s-z/udisksctl
index cacf0d1b..58fca3ce 100644
--- a/apparmor.d/profiles-s-z/udisksctl
+++ b/apparmor.d/profiles-s-z/udisksctl
@@ -10,7 +10,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/udisksctl
 profile udisksctl @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -20,6 +19,7 @@ profile udisksctl @{exec_path} {
   /{usr/,}bin/less  rPx -> child-pager,
   /{usr/,}bin/more  rPx -> child-pager,
 
+  /dev/tty rw,
 
   include if exists <local/udisksctl>
 }
diff --git a/apparmor.d/profiles-s-z/update-ca-trust b/apparmor.d/profiles-s-z/update-ca-trust
index f8067056..caa578b8 100644
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/update-ca-trust
 profile update-ca-trust @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/ssl_certs>
 
   capability dac_read_search,
@@ -31,6 +30,7 @@ profile update-ca-trust @{exec_path} {
   /etc/ssl/certs/{,*} rw,
   /etc/ssl/certs/java/cacerts{,.*} w,
 
+  /dev/tty rw,
 
   # Inherit silencer
   deny network inet6 stream,
diff --git a/apparmor.d/profiles-s-z/wl-copy b/apparmor.d/profiles-s-z/wl-copy
index 0a07cf86..880d3dc1 100644
--- a/apparmor.d/profiles-s-z/wl-copy
+++ b/apparmor.d/profiles-s-z/wl-copy
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/wl-{copy,paste}
 profile wl-copy @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
 
   @{exec_path} mr,
 
@@ -20,6 +19,7 @@ profile wl-copy @{exec_path} {
 
   owner /tmp/wl-copy-buffer-*/{,**} rw,
 
+  /dev/tty rw,
 
   include if exists <local/wl-copy>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool
index 59a1e269..f1ae419f 100644
--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{local/,}{s,}bin/zpool
 profile zpool @{exec_path} {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/disks-read>
 
   capability sys_admin,
@@ -35,6 +34,7 @@ profile zpool @{exec_path} {
   @{PROC}/@{pids}/mounts r,
   @{PROC}/sys/kernel/spl/hostid r,
 
+  /dev/pts/[0-9]* rw,
   /dev/zfs rw,
 
   include if exists <local/zpool>
diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd
index a0141ae1..d8a6c451 100644
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@@ -9,7 +9,6 @@ include <tunables/global>
 @{exec_path} = /{usr/,}{s,}bin/zsysd /{usr/,}{s,}bin/zsysctl
 profile zsysd @{exec_path} flags=(complain) {
   include <abstractions/base>
-  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
 
@@ -43,6 +42,7 @@ profile zsysd @{exec_path} flags=(complain) {
 
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 
+  /dev/pts/[0-9]* rw,
   /dev/zfs rw,
 
   include if exists <local/zsysd>