diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent index cab6e32c..12c98f8c 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent @@ -11,6 +11,7 @@ profile akonadi_mailmerge_agent @{exec_path} { include include include + include include include include @@ -23,8 +24,6 @@ profile akonadi_mailmerge_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, - /usr/share/mime/{,**} r, /usr/share/qt/translations/*.qm r, owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index 1bda7c76..491ace3d 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -12,6 +12,7 @@ profile akonadi_migration_agent @{exec_path} { include include include + include include include include @@ -21,7 +22,6 @@ profile akonadi_migration_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/mime/{,**} r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent index 96d80f11..c94ffd94 100644 --- a/apparmor.d/groups/akonadi/akonadi_notes_agent +++ b/apparmor.d/groups/akonadi/akonadi_notes_agent @@ -28,7 +28,6 @@ profile akonadi_notes_agent @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index d2206237..ffe8caaa 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent 
@@ -32,6 +32,7 @@ profile polkit-kde-authentication-agent @{exec_path} { /{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, /usr/share/hwdata/pnp.ids r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/share/qt5ct/** r, /etc/machine-id r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 726deaa0..30abb79e 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -166,6 +166,7 @@ profile xdg-desktop-portal-gtk @{exec_path} { owner /tmp/runtime-*/xauth_?????? r, @{run}/mount/utab r, + @{run}/user/@{uid}/xauth_* rl, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw, owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/wayland-[0-9]* rw, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index 4dbc0bcf..7eb2a33b 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -10,17 +10,25 @@ include profile xdg-desktop-portal-kde @{exec_path} { include include + include include include include include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + @{exec_path} mr, /usr/share/hwdata/pnp.ids r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/share/mime/{,**} r, + /usr/share/qt5/qtlogging.ini r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, 
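Review bot: The added `@{run}/user/@{uid}/xauth_* rl,` in the xdg-desktop-portal-gtk hunk has no `owner` qualifier, while the neighbouring X authority rules (`owner /tmp/runtime-*/xauth_?????? r,`, `owner @{run}/user/@{uid}/gdm/Xauthority r,`) all carry one. These files hold the X server authentication cookie, so the rule should read `owner @{run}/user/@{uid}/xauth_* rl,`. The `l` permission is also worth confirming against the logged denial, since the sibling rules grant read only. The same unqualified line is added in the second xdg-desktop-portal-kde hunk and in the xsetroot hunk. The profile body continues outside the hunk.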
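Review bot: The five `network` rules added at the top of the xdg-desktop-portal-kde profile grant unrestricted IPv4/IPv6 stream and datagram sockets plus raw netlink, and nothing in the hunk says which portal feature needs them. Since the portal acts on requests from sandboxed applications, I would add a comment above the block, e.g. `# <feature> needs inet stream/dgram; netlink raw for <reason>` (placeholders to be filled in from the audit log). Any family that was not actually observed in a denial should be dropped. The profile continues outside the hunk.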
@@ -30,13 +38,14 @@ profile xdg-desktop-portal-kde @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/autostart/org.kde.*.desktop r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/xdg-desktop-portal-kderc r, - - @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, + + @{run}/user/@{uid}/xauth_* rl, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp index fa8be9a5..c09d6808 100644 --- a/apparmor.d/groups/freedesktop/xkbcomp +++ b/apparmor.d/groups/freedesktop/xkbcomp @@ -21,6 +21,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) { /usr/share/X11/xkb/** r, /var/lib/xkb/server-[0-9]*.xkm w, + /var/lib/xkb/compiled/server-[0-9]*.xkm rw, owner @{HOME}/.Xauthority r, owner @{HOME}/*.{xkb,xkm} rw, diff --git a/apparmor.d/groups/freedesktop/xrdb b/apparmor.d/groups/freedesktop/xrdb index ac4867ee..01f9645b 100644 --- a/apparmor.d/groups/freedesktop/xrdb +++ b/apparmor.d/groups/freedesktop/xrdb @@ -21,6 +21,7 @@ profile xrdb @{exec_path} { /{usr/,}lib/llvm-[0-9]*/bin/clang rix, /usr/include/stdc-predef.h r, + /usr/etc/X11/xdm/Xresources r, @{etc_ro}/Xresources/x11-common r, @{etc_ro}/X11/Xresources r, diff --git a/apparmor.d/groups/freedesktop/xsetroot b/apparmor.d/groups/freedesktop/xsetroot index 3521199d..159128c1 100644 --- a/apparmor.d/groups/freedesktop/xsetroot +++ b/apparmor.d/groups/freedesktop/xsetroot @@ -24,6 +24,7 @@ profile xsetroot @{exec_path} { owner @{user_share_dirs}/sddm/xorg-session.log w, @{run}/sddm/\{@{uuid}\} r, + @{run}/user/@{uid}/xauth_* rl, include if exists } diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index 892afd94..44a9d227 100644 --- a/apparmor.d/groups/network/ModemManager 
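Review bot: The new `/usr/etc/X11/xdm/Xresources r,` in the xrdb hunk hard-codes `/usr/etc`, while the two rules directly below it use `@{etc_ro}`. If `@{etc_ro}` expands to both `/etc` and `/usr/etc` in this project (it appears to, but the tunable is not visible here), `@{etc_ro}/X11/xdm/Xresources r,` would match the file's style and cover both locations. Otherwise a short comment naming the distribution that ships the file under `/usr/etc` would help the next reader.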
+++ b/apparmor.d/groups/network/ModemManager @@ -10,6 +10,7 @@ include profile ModemManager @{exec_path} flags=(attach_disconnected) { include include + include include include @@ -70,7 +71,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) { @{sys}/class/wwan/ r, @{sys}/devices/**/uevent r, - @{sys}/devices/pci[0-9]*/**/{vendor,device,revision} r, + @{sys}/devices/pci[0-9]*/**/revision r, @{sys}/devices/virtual/net/*/ r, @{sys}/devices/virtual/tty/*/ r, diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 72e4b424..5469efe8 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -160,8 +160,8 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { owner /etc/pacman.d/gnupg/ r, # only: arch owner /etc/pacman.d/gnupg/** rwkl -> /tmp/pacman.d/gnupg/**, - /var/tmp/zypp.*/zypp-*/ r, # only: opensuse - /var/tmp/zypp.*/zypp-*/** rwkl -> /var/tmp/zypp.*/zypp-trusted-*/**, + owner /var/tmp/zypp.*/*/ r, # only: opensuse + owner /var/tmp/zypp.*/*/** rwkl -> /var/tmp/zypp.*/zypp-trusted-*/**, owner @{run}/user/@{uid}/gnupg/ r, owner @{run}/user/@{uid}/gnupg/ rwkl -> @{run}/user/@{uid}/gnupg/**, diff --git a/apparmor.d/profiles-s-z/smartctl b/apparmor.d/profiles-s-z/smartctl index 3d4f3062..5e4826fb 100644 --- a/apparmor.d/profiles-s-z/smartctl +++ b/apparmor.d/profiles-s-z/smartctl @@ -21,6 +21,8 @@ profile smartctl @{exec_path} { /usr/share/smartmontools/** r, /var/lib/smartmontools/** r, + /etc/smart_drivedb.h r, + @{PROC}/devices r, include if exists
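Review bot: In the packagekitd hunk the directory glob widens from `zypp-*` to `*`, so the `rwkl` rule now matches every subdirectory of `/var/tmp/zypp.*/`, which sits under world-writable `/var/tmp`. The added `owner` qualifier is a reasonable counterweight, but the widening is undocumented. A comment such as `# zypp also creates <dir name> here` (placeholder, taken from the observed denial), or an explicit alternation of the directory names actually seen, would keep the rule as narrow as before. The link target pattern still names only `zypp-trusted-*`, so it is worth checking that links from the newly matched directories are intended.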