diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime
index 1fb0f326..bbc1eee6 100644
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
+# Copyright (C) 2018-2022 Mikhail Morfikov
+# Copyright (C) 2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -14,24 +15,39 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  @{exec_path} r,
  /{usr/,}bin/{,ba,da}sh rix,
- /{usr/,}bin/gawk rix,
- /{usr/,}bin/cut rix,
- /{usr/,}bin/basename rix,
  /{usr/,}bin/{,e}grep rix,
- /{usr/,}bin/which{,.debianutils} rix,
- /{usr/,}bin/readlink rix,
- /{usr/,}bin/mv rix,
- /{usr/,}bin/head rix,
- /{usr/,}bin/sed rix,
- /{usr/,}bin/uname rix,
+ /{usr/,}bin/{m,g,}awk rix,
+ /{usr/,}bin/basename rix,
+ /{usr/,}bin/cut rix,
  /{usr/,}bin/file rix,
+ /{usr/,}bin/head rix,
+ /{usr/,}bin/mv rix,
+ /{usr/,}bin/readlink rix,
+ /{usr/,}bin/sed rix,
  /{usr/,}bin/tr rix,
+ /{usr/,}bin/uname rix,
+ /{usr/,}bin/which{,.debianutils} rix,
  /{usr/,}bin/gio rPx,
  /{usr/,}bin/mimetype rPx,
  /{usr/,}bin/xprop rPx,
  /usr/share/terminfo/x/xterm-256color r,
+ /usr/share/ubuntu/applications/ r,
+
+ /etc/gnome/defaults.list r,
+
+ owner @{HOME}/.Xauthority r,
+ owner @{user_config_dirs}/mimeapps.list{,.new} rw,
+ owner @{user_share_dirs}/gvfs-metadata/{,*} r,
+
+ owner @{run}/user/@{uid}/ r,
+
+ @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r,
+ @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
+
+ /dev/dri/card[0-9]* rw,
+ /dev/tty rw,
  # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two
  # following root processes:
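Review bot: The new `/dev/dri/card[0-9]* rw,` and `/dev/tty rw,` rules, and the hwmon `temp*`/`fan*` reads above them, arrive without the `# file_inherit` annotation the old side carried for them, so the new side reads as if a MIME lookup script needs write access to the GPU device in its own right. Keep the rationale where the rules now live, e.g. `# file_inherit` immediately above `/dev/dri/card[0-9]* rw,`, since nothing visible in xdg-mime opens these itself; they are presumably descriptors inherited from the launching application. Dropping `@{MOUNTS}/** rw` in the process is the right call and needs no replacement. The `# When xdg-mime is run as root ...` comment at the bottom continues past the end of the hunk.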
@@ -44,26 +60,6 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  deny /{usr/,}bin/dbus-launch rx,
  deny /{usr/,}bin/dbus-send rx,
- owner @{user_config_dirs}/mimeapps.list{,.new} rw,
-
- owner @{user_share_dirs}/gvfs-metadata/{,*} r,
-
- owner @{HOME}/.Xauthority r,
-
- owner @{run}/user/@{uid}/ r,
-
- # For shell pwd
- owner @{HOME}/ r,
-
- @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r,
- @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r,
-
- # file_inherit
- @{MOUNTS}/** rw,
- /dev/dri/card[0-9]* rw,
-
- /dev/tty rw,
-
  profile dbus {
  include
  include
@@ -72,10 +68,9 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  /{usr/,}bin/dbus-send mr,
  /{usr/,}bin/dbus-daemon rPx,
- # for dbus-launch
+ @{HOME}/.Xauthority r,
  owner @{HOME}/.dbus/session-bus/[0-9a-f]*-[0-9] w,
- @{HOME}/.Xauthority r,
  }
  include if exists
diff --git a/apparmor.d/profiles-a-f/adduser b/apparmor.d/profiles-a-f/adduser
index ef8b465a..1ea91478 100644
--- a/apparmor.d/profiles-a-f/adduser
+++ b/apparmor.d/profiles-a-f/adduser
@@ -10,23 +10,14 @@ include
 profile adduser @{exec_path} {
  include
- include
  include
+ include
- # To create a user home dir and give it proper permissions:
- # mkdir("/home/user", 0755) = 0
- # chown("/home/user", 1001, 1001) = 0
- # chmod("/home/user", 0755) = 0
  capability chown,
- capability fowner,
-
- # To set the set-group-ID bit for the user home dir (SETGID_HOME=yes).
- capability fsetid,
-
- # To copy files from the /etc/skel/ dir to the newly created user dir, which now has a different
- # owner.
- capability dac_read_search,
  capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability fsetid,
  @{exec_path} r,
  /{usr/,}bin/perl r,
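Review bot: `@{HOME}/.Xauthority r,` in the `dbus` child profile is not `owner`-qualified, whereas the parent profile reads the same file as `owner @{HOME}/.Xauthority r,`; because `@{HOME}` expands to every home directory, the child can read other users' X cookies on a multi-user host. Change it to `owner @{HOME}/.Xauthority r,` so both profiles agree. The removed `# for dbus-launch` comment was the only explanation of why a MIME tool writes under `@{HOME}/.dbus/session-bus/`; keep it above that `w` rule.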
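Review bot: The alphabetical reorder deletes the why-comments for every capability, leaving `capability chown,`, `dac_override`, `dac_read_search`, `fowner` and `fsetid` unexplained, and those are the lines a reviewer of this profile most needs justified. Restore them in condensed form above the block, e.g. `# chown/fowner/fsetid: create the home dir, chown it to the new uid/gid and set its setgid bit (SETGID_HOME=yes)` and `# dac_override/dac_read_search: copy /etc/skel/ into a directory now owned by the new user`. The include lines are rendered without their targets here, so whether the swapped abstraction changes what is granted cannot be checked from this view. The profile body continues beyond `/{usr/,}bin/perl r,`.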
@@ -35,25 +26,24 @@ profile adduser @{exec_path} {
  /{usr/,}bin/find rix,
  /{usr/,}bin/rm rix,
+ /{usr/,}{s,}bin/groupadd rPx,
+ /{usr/,}{s,}bin/groupdel rPx,
  /{usr/,}{s,}bin/useradd rPx,
  /{usr/,}{s,}bin/userdel rPx,
- /{usr/,}{s,}bin/groupdel rPx,
- /{usr/,}{s,}bin/groupadd rPx,
  /{usr/,}{s,}bin/usermod rPx,
- /{usr/,}bin/passwd rPx,
- /{usr/,}bin/gpasswd rPx,
- /{usr/,}bin/chfn rPx,
- /{usr/,}bin/chage rPx,
+ /{usr/,}bin/chage rPx,
+ /{usr/,}bin/chfn rPx,
+ /{usr/,}bin/gpasswd rPx,
+ /{usr/,}bin/passwd rPx,
  /etc/{group,passwd,shadow} r,
- /etc/adduser.conf r,
+ /etc/skel/{,.*} r,
  # To create user dirs and copy files from /etc/skel/ to them
  @{HOME}/ rw,
  @{HOME}/.* w,
  /var/lib/*/{,*} rw,
- /etc/skel/{,.*} r,
  include if exists
 }
diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman
index f0e4c92f..362666f7 100644
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -9,15 +10,15 @@ include
 @{exec_path} = /{usr/,}bin/blueman-*
 profile blueman @{exec_path} flags=(attach_disconnected) {
  include
+ include
  include
- include
- include
  include
- include
  include
+ include
+ include
  include
  include
- include
  network inet stream,
  network inet6 stream,
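Review bot: `/etc/adduser.conf r,` is removed with no rule in this hunk taking its place, and adduser reads that file at startup, so unless the abstraction added in the previous hunk (its target is not rendered here) grants it, every invocation will now log a denial and silently fall back to built-in defaults. Either keep `/etc/adduser.conf r,` or add a comment naming the abstraction that covers it. The neighbouring `/var/lib/*/{,*} rw,` is also broad for a tool whose write needs are the new home directory and the account databases; narrowing it to the directories the audit log actually shows would be a cheap follow-up.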
@@ -27,17 +28,25 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  ptrace (read) peer=gjs-console,
  @{exec_path} mrix,
- /{usr/,}bin/python3.[0-9]* r,
- /{usr/,}bin/blueman-tray rPx,
- /{usr/,}bin/ r,
- /{usr/,}bin/{b,d}ash rix,
+ /{usr/,}bin/{b,d}ash rix,
- /{usr/,}bin/xdg-open rCx -> open,
+ /{usr/,}bin/blueman-tray rPx,
+ /{usr/,}bin/xdg-open rCx -> open,
  /usr/share/blueman/{,**} r,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/X11/xkb/{,**} r,
+ /etc/machine-id r,
+ /var/lib/dbus/machine-id r,
+
+ /var/lib/blueman/network.state r,
+
+ owner @{HOME}/ r,
+ owner @{HOME}/bluetooth*/ r,
+ owner @{HOME}/bluetooth*/* rw,
+
  owner @{user_cache_dirs}/blueman-tray-[0-9]* rw,
  owner @{user_cache_dirs}/blueman-services-[0-9]* rw,
  owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw,
@@ -49,36 +58,16 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/gvfs-metadata/{,*} r,
- owner @{HOME}/ r,
- owner @{HOME}/bluetooth*/ r,
- owner @{HOME}/bluetooth*/* rw,
-
- # For sending a note (disabled since the feature doesn't seem to work)
- #owner /tmp/* rw,
- #owner /var/tmp/* rw,
- #owner /tmp/note*.vnt rw,
-
- /var/lib/blueman/network.state r,
+ owner @{run}/user/@{uid}/gdm/Xauthority r,
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mounts r,
  @{PROC}/@{pids}/cmdline r,
- /usr/share/glib-2.0/schemas/gschemas.compiled r,
-
- /dev/tty rw,
-
- /dev/rfkill r,
-
- /dev/shm/ r,
-
- /var/lib/dbus/machine-id r,
- /etc/machine-id r,
-
- owner @{run}/user/@{uid}/gdm/Xauthority r,
-
- # file_inherit
  /dev/dri/card[0-9]* rw,
+ /dev/rfkill r,
+ /dev/shm/ r,
+ /dev/tty rw,
  profile open {
  include
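Review bot: `/{usr/,}bin/python3.[0-9]* r,` and `/{usr/,}bin/ r,` are dropped while `@{exec_path} mrix,` still covers only the blueman-* scripts themselves; since blueman-* are Python programs, the interpreter exec has to be granted somewhere, presumably by one of the abstractions added in the earlier include hunk (their targets are not rendered here). Please confirm that abstraction carries an exec rule (`ix`/`rix`) for the interpreter rather than plain `r`, otherwise the profile fails at the shebang. A one-line comment next to `@{exec_path} mrix,`, such as `# interpreter exec comes from the python abstraction`, would spare the next reader the same check.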
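Review bot: `/dev/dri/card[0-9]* rw,` loses its `# file_inherit` comment in this move, so the new side reads as if a Bluetooth manager needs read-write access to the GPU device in its own right. Reinstate `# file_inherit` above that rule (the same annotation is dropped from xdg-mime in this commit), or, if it really is only an inherited descriptor, consider whether `rw` is needed at all. The `open` child profile that starts on the last lines of the hunk continues beyond it.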
@@ -87,30 +76,29 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  /{usr/,}bin/xdg-open mr,
  /{usr/,}bin/{,ba,da}sh rix,
- /{usr/,}bin/gawk rix,
- /{usr/,}bin/readlink rix,
  /{usr/,}bin/basename rix,
+ /{usr/,}bin/dbus-send rix,
+ /{usr/,}bin/file rix,
+ /{usr/,}bin/gawk rix,
+ /{usr/,}bin/mimetype rix,
+ /{usr/,}bin/readlink rix,
  /{usr/,}bin/uname rix,
  /{usr/,}bin/xprop rix,
- /{usr/,}bin/file rix,
- /{usr/,}bin/dbus-send rix,
- /{usr/,}bin/mimetype rix,
-
- /usr/share/perl5/** r,
- /etc/magic r,
-
- owner @{HOME}/ r,
- owner @{HOME}/bluetooth*/* r,
-
- owner @{run}/user/@{uid}/ r,
  # Allowed apps to open
  /{usr/,}lib/firefox/firefox rPx,
  /{usr/,}bin/spacefm rPx,
- # file_inherit
+ /usr/share/perl5/** r,
+
+ /etc/magic r,
+
+ owner @{HOME}/ r,
+ owner @{HOME}/bluetooth*/* r,
  owner @{HOME}/.xsession-errors w,
+ owner @{run}/user/@{uid}/ r,
+
  }
  include if exists
diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd
index 740731c5..26316237 100644
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2015-2021 Mikhail Morfikov
+# Copyright (C) 2015-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -27,20 +28,19 @@ profile bluetoothd @{exec_path} {
  /etc/bluetooth/{,*.conf} r,
+ /var/lib/bluetooth/{,**} rw,
+
+ @{run}/sdp rw,
+ @{run}/udev/data/+hid:* r,
+
+ @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bluetooth/**/{uevent,name} r,
+ @{sys}/devices/platform/**/rfkill/**/name r,
+ @{sys}/devices/virtual/dmi/id/chassis_type r,
+
  /dev/uhid rw,
  /dev/uinput rw,
  /dev/rfkill rw,
  /dev/hidraw[0-9]* rw,
- @{run}/sdp rw,
-
- @{run}/udev/data/+hid:* r,
-
- @{sys}/devices/virtual/dmi/id/chassis_type r,
- @{sys}/devices/platform/**/rfkill/**/name r,
- @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bluetooth/**/{uevent,name} r,
-
- /var/lib/bluetooth/{,**} rw,
-
  include if exists
 }
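Review bot: The helpers xdg-open spawns — `mimetype`, `xprop`, `file`, `dbus-send` — run `rix` inside the `open` child here, whereas the xdg-mime profile in this same commit transitions `mimetype` and `xprop` to their own profiles with `rPx`; that difference is why this child has to carry `/usr/share/perl5/** r,` and `/etc/magic r,` on their behalf. Switching those two to `/{usr/,}bin/mimetype rPx,` and `/{usr/,}bin/xprop rPx,` would make the two profiles consistent and let the perl5/magic rules go, provided nothing in the `open` child depends on running them unconfined by their own profiles. The `# file_inherit` note that used to sit above `owner @{HOME}/.xsession-errors w,` is also dropped; keep it, since that rule otherwise looks like a deliberate grant.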
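Review bot: The moved `@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bluetooth/**/{uevent,name} r,` matches only USB buses `usb1`–`usb9`; a controller hanging off `usb10` or higher is denied, because the segment is `usb[0-9]/` rather than `usb[0-9]*/`. Change it to `@{sys}/devices/pci[0-9]*/**/usb[0-9]*/**/bluetooth/**/{uevent,name} r,` while the line is being touched. The rest of the hunk is a pure reorder.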
diff --git a/apparmor.d/profiles-a-f/e2fsck b/apparmor.d/profiles-a-f/e2fsck
index e7c2cfb5..0932351b 100644
--- a/apparmor.d/profiles-a-f/e2fsck
+++ b/apparmor.d/profiles-a-f/e2fsck
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2019-2022 Mikhail Morfikov
+# Copyright (C) 2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -12,19 +13,16 @@ profile e2fsck @{exec_path} {
  include
  include
+ capability dac_read_search,
+ capability sys_rawio,
+
  @{exec_path} mr,
  # To check for badblocks
  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}{s,}bin/badblocks rPx,
- owner @{run}/blkid/blkid.tab{,-*} rw,
- owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
-
- @{PROC}/swaps r,
- owner @{PROC}/@{pid}/mounts r,
-
- @{sys}/devices/**/power_supply/AC/online r,
+ /usr/share/file/misc/magic.mgc r,
  # A place for file images
  owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
@@ -32,5 +30,14 @@ profile e2fsck @{exec_path} {
  owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
  owner @{MOUNTS}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
+ @{run}/blkid/ rw,
+ owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
+ owner @{run}/blkid/blkid.tab{,-*} rw,
+
+ @{sys}/devices/**/power_supply/AC/online r,
+
+ @{PROC}/swaps r,
+ owner @{PROC}/@{pid}/mounts r,
+
  include if exists
 }
diff --git a/apparmor.d/profiles-m-r/netstat b/apparmor.d/profiles-m-r/netstat
index a4cc8594..a65591fb 100644
--- a/apparmor.d/profiles-m-r/netstat
+++ b/apparmor.d/profiles-m-r/netstat
@@ -1,12 +1,10 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2002-2005 Novell/SUSE
-# 2017 Christian Boltz
-# 2018-2021 Mikhail Morfikov
+# Copyright (C) 2017 Christian Boltz
+# Copyright (C) 2018-2022 Mikhail Morfikov
+# Copyright (C) 2022 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
-# Evolution, amongst other things, calls this program. I didn't want to
-# give evolution access to significant chunks of /proc
-
 abi ,
 include
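Review bot: `capability sys_rawio,` is added without a comment on what triggers it, and nothing in this hunk shows a block-device rule it would pair with; CAP_SYS_RAWIO amounts to unrestricted raw disk and device I/O, so it is the one line here that most needs a justification. Put the operation or audit line that requires it above the rule, e.g. `# sys_rawio: <ioctl/operation from the denial log>`, and likewise note why `capability dac_read_search,` is needed (presumably reaching image files under paths e2fsck does not own). If the denial only shows up in a non-essential path, an explicit `deny capability sys_rawio,` with that comment is the safer default than a standing grant.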
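Review bot: `@{run}/blkid/ rw,` grants write (create/remove entries) on the cache directory without the `owner` qualifier that the two `blkid.tab` rules directly below it carry. If e2fsck only needs to create the tab files inside it, `owner @{run}/blkid/ rw,` keeps the three rules consistent; if it only lists the directory, `r` suffices. The profile's closing `}` is on the last line of the hunk.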
@@ -18,32 +16,34 @@ profile netstat @{exec_path} {
  include
  capability dac_read_search,
- capability syslog,
  capability sys_ptrace,
+ capability syslog,
  ptrace (trace,read),
  @{exec_path} rmix,
  /etc/networks r,
- @{PROC} r,
- @{PROC}/@{pids}/cmdline r,
- @{PROC}/net r,
- @{PROC}/net/* r,
- @{PROC}/@{pids}/fd/ r,
- @{PROC}/@{pid}/attr/current r,
- @{PROC}/@{pid}/net/netstat r,
- @{PROC}/@{pid}/net/raw r,
- @{PROC}/@{pid}/net/snmp r,
- @{PROC}/@{pid}/net/raw6 r,
- @{PROC}/@{pid}/net/tcp r,
- @{PROC}/@{pid}/net/tcp6 r,
- @{PROC}/@{pid}/net/udp r,
- @{PROC}/@{pid}/net/udp6 r,
- @{PROC}/@{pid}/net/udplite r,
- @{PROC}/@{pid}/net/udplite6 r,
- @{PROC}/@{pid}/net/unix r,
- # For "netstat -i"
- @{PROC}/@{pid}/net/dev r,
+ @{PROC} r,
+ @{PROC}/@{pids}/cmdline r,
+ @{PROC}/@{pids}/fd/ r,
+ @{PROC}/@{pids}/net/dev r,
+ @{PROC}/@{pids}/net/netstat r,
+ @{PROC}/@{pids}/net/raw r,
+ @{PROC}/@{pids}/net/raw6 r,
+ @{PROC}/@{pids}/net/snmp r,
+ @{PROC}/@{pids}/net/tcp r,
+ @{PROC}/@{pids}/net/tcp6 r,
+ @{PROC}/@{pids}/net/udp r,
+ @{PROC}/@{pids}/net/udp6 r,
+ @{PROC}/@{pids}/net/udplite r,
+ @{PROC}/@{pids}/net/udplite6 r,
+ @{PROC}/@{pids}/net/unix r,
+ @{PROC}/net r,
+ @{PROC}/net/* r,
+ @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
+ owner @{PROC}/@{pid}/attr/current r,
+
+
  include if exists
 }
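Review bot: Switching the per-process `net/*` rules from `@{pid}` to `@{pids}` documents an intent to read the socket tables of every process, i.e. of every network namespace on the host, yet as far as I know netstat only opens `/proc/net/*`, which resolves to its own `/proc/<pid>/net/`. With upstream `tunables/kernelvars`, where `@{pids}` is an alias of `@{pid}`, this is a change of stated intent rather than of permission, and the qualifier that would actually limit it is `owner`: `owner @{PROC}/@{pid}/net/{dev,netstat,raw,raw6,snmp,tcp,tcp6,udp,udp6,udplite,udplite6,unix} r,` covers the fifteen `@{PROC}/@{pids}/net/... r,` lines while the `@{pids}/cmdline` and `@{pids}/fd/` rules needed for `-p` stay as they are. Separately, `ptrace (trace,read),` grants more than `-p` needs; reading other processes' `fd/` entries is covered by `ptrace (read),` alone, unless something not visible here really attaches with PTRACE_ATTACH.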