diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 5838ee22..780a4728 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -12,6 +12,16 @@ member=PropertiesChanged peer=(name=:*, label=bluetoothd), + dbus send bus=system path=/ + interface=org.freedesktop.DBus.ObjectManager + member=GetManagedObjects + peer=(name=:*, label=bluetoothd), + + dbus send bus=system path=/org/bluez + interface=org.bluez.AgentManager@{int} + member=UnregisterAgent + peer=(name=org.bluez, label=bluetoothd), + dbus send bus=system path=/org/bluez interface=org.bluez.ProfileManager@{int} member=RegisterProfile diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index 0a8d57be..e9add589 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -42,6 +42,11 @@ member=Introspect peer=(name=:*, label=NetworkManager), + dbus receive bus=system path=/org/freedesktop + interface=org.freedesktop.DBus.ObjectManager + member=InterfacesAdded + peer=(name=:*, label=NetworkManager), + dbus receive bus=system path=/org/freedesktop/NetworkManager{,/**} interface=org.freedesktop.DBus.Properties member=PropertiesChanged @@ -59,7 +64,7 @@ dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager - member={DeviceAdded,DeviceRemoved,StateChanged} + member={CheckPermissions,DeviceAdded,DeviceRemoved,StateChanged} peer=(name=:*, label=NetworkManager), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 8c0d80e4..8d68238b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 
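Review bot: The two rules added to the org.bluez abstraction match the peer by different name forms: GetManagedObjects uses `peer=(name=:*, label=bluetoothd)` while UnregisterAgent uses `peer=(name=org.bluez, label=bluetoothd)`. If a client addresses bluetoothd by the other form of the name, the call would presumably be denied even though the label matches. The login1 abstraction touched by this same commit covers both forms with `name="{:*,org.freedesktop.login1}"`. Consider `peer=(name="{:*,org.bluez}", label=bluetoothd)` on both rules, or a short comment saying why each form was chosen; the label condition remains the real restriction either way.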
@@ -14,7 +14,7 @@ dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager - member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend} + member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend,CreateSession} peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind), dbus receive bus=system path=/org/freedesktop/login1 diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index 3bfe27a1..7815e7f7 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -27,6 +27,11 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{hex}/bus/networkctl/system, # dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd + # No label available + dbus send bus=system path=/org/freedesktop/network@{int} + interface=org.freedesktop.DBus.Properties + member=Get + peer=(name=org.freedesktop.network@{int}), @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-journald b/apparmor.d/groups/systemd/systemd-journald index 707fbe96..4aceaba7 100644 --- a/apparmor.d/groups/systemd/systemd-journald +++ b/apparmor.d/groups/systemd/systemd-journald @@ -53,6 +53,7 @@ profile systemd-journald @{exec_path} { @{run}/udev/data/+platform:* r, @{run}/udev/data/+scsi:* r, @{run}/udev/data/+sdio:* r, + @{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/+usb-serial:* r, @{run}/udev/data/+usb:* r, @{run}/udev/data/+virtio:* r, diff --git a/apparmor.d/groups/ubuntu/do-release-upgrade b/apparmor.d/groups/ubuntu/do-release-upgrade index bf0bf16c..d3badbbf 100644 --- a/apparmor.d/groups/ubuntu/do-release-upgrade +++ b/apparmor.d/groups/ubuntu/do-release-upgrade @@ -10,6 +10,7 @@ include profile do-release-upgrade @{exec_path} { include include + include include include include 
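Review bot: Adding `CreateSession` to the member list of this shared abstraction grants it to every profile that includes `abstractions/bus/org.freedesktop.login1`, not only the one that produced the denial. The other members in the list are inhibitor and capability queries. CreateSession registers a new login session with systemd-logind, which is a different class of operation and normally comes from the PAM session stack. Which profile needs it is not visible in this diff. I would put the rule in that profile instead, or add a comment such as `# CreateSession: needed by <profile> via pam_systemd` so the wider grant is a recorded decision.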
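Review bot: The new `dbus send` rule in the networkctl profile has no `label=` in its peer condition, so the peer is identified by bus name alone and the rule does not require the receiver to be confined as systemd-networkd. The comment `# No label available` does not say why, while the directive just above it names `label=systemd-networkd` for the same service. Please extend the comment with the reason, e.g. `# No label available: <reason the peer label is missing>`, so the exception can be dropped once the label becomes usable. The rule is limited to `member=Get` on `org.freedesktop.DBus.Properties`, which keeps the exposure small.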
diff --git a/apparmor.d/profiles-a-f/cups-browsed b/apparmor.d/profiles-a-f/cups-browsed index 13a4df17..b63f8995 100644 --- a/apparmor.d/profiles-a-f/cups-browsed +++ b/apparmor.d/profiles-a-f/cups-browsed @@ -30,6 +30,11 @@ profile cups-browsed @{exec_path} { member=StateChanged peer=(name=:*, label=avahi-daemon), + dbus receive bus=system path=/org/freedesktop/NetworkManager + interface=org.freedesktop.NetworkManager + member=CheckPermissions + peer=(name=:*, label=NetworkManager), + @{exec_path} mr, /usr/share/cups/locale/{,**} r, diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 81730a36..84868aac 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -11,6 +11,7 @@ include profile fwupd @{exec_path} flags=(complain,attach_disconnected) { include include + include include include include diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index 9afda162..b1007cea 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -19,6 +19,11 @@ profile obexd @{exec_path} { # dbus: own bus=session name=org.bluez.obex + dbus receive bus=system path=/org/bluez/obex/@{uuid} + interface=org.bluez.Profile1 + member=Release + peer=(name=:*, label=bluetoothd), + @{exec_path} mr, owner @{user_cache_dirs}/ rw,