diff --git a/apparmor.d/groups/network/networkd-dispatcher b/apparmor.d/groups/network/networkd-dispatcher
index 63291093..45fbf76a 100644
--- a/apparmor.d/groups/network/networkd-dispatcher
+++ b/apparmor.d/groups/network/networkd-dispatcher
@@ -21,8 +21,9 @@ profile networkd-dispatcher @{exec_path} {
 @{exec_path} mr,
 @{bin}/ r,
- @{bin}/networkctl rPx,
+ @{bin}/chronyc rPx,
 @{bin}/ls rix,
+ @{bin}/networkctl rPx,
 @{bin}/sed rix,
 @{lib}/networkd-dispatcher/routable.d/postfix rix,
diff --git a/apparmor.d/profiles-a-f/flatpak b/apparmor.d/profiles-a-f/flatpak
index 7368d7c3..bc21a583 100644
--- a/apparmor.d/profiles-a-f/flatpak
+++ b/apparmor.d/profiles-a-f/flatpak
@@ -62,7 +62,12 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
 owner @{HOME}/.var/ w,
 owner @{HOME}/.var/app/{,**} rw,
- owner @{user_documents_dirs}/ rw,
+ # Can create dotfile directories for any app
+ owner @{user_cache_dirs}/*/ w,
+ owner @{user_config_dirs}/*/ w,
+ owner @{user_share_dirs}/*/ w,
+ owner @{user_games_dirs}/{,**/} w,
+ owner @{user_documents_dirs}/ w,
 owner @{user_cache_dirs}/flatpak/{,**} rw,
 owner @{user_config_dirs}/pulse/client.conf r,
diff --git a/apparmor.d/profiles-g-l/iotop b/apparmor.d/profiles-g-l/iotop
index c53b4656..d85b0244 100644
--- a/apparmor.d/profiles-g-l/iotop
+++ b/apparmor.d/profiles-g-l/iotop
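Review bot: The new `@{bin}/chronyc rPx,` rule only works if a `chronyc` profile is actually loaded — with `Px`, AppArmor refuses the exec when no target profile exists, so a dispatcher hook that calls chronyc would fail outright rather than fall back. Whether such a profile ships in this set is not visible on this page; confirming it exists is preferable to switching to `rPUx`, which would run chronyc unconfined when the profile is missing. A short comment naming the hook that needs chronyc would also help, since the hunk only shows the `routable.d/postfix` hook and it is not clear which script invokes it, e.g. `# Called from the <hook-script> hook under routable.d` (placeholder; name the actual script). The dispatcher profile continues outside the hunk.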
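Review bot: `owner @{user_config_dirs}/*/ w,` and its cache/share siblings let flatpak create or remove any directly-nested directory under the user's XDG config, cache and data dirs, not only flatpak's own, and `owner @{user_games_dirs}/{,**/} w,` goes further by allowing arbitrarily deep directory trees while the other three stop at one level; if the recursion is only needed for games that should be stated in the comment, otherwise aligning it to `*/` keeps the rules consistent. These are directory-only rules (trailing slash), so files inside those directories are still not covered here, and the profile is in complain mode, so for now the rules only change what is logged. The comment `# Can create dotfile directories for any app` does not say what triggers the creation; I would guess an app manifest's `filesystem=xdg-config/NAME:create`-style permission (verify), e.g. `# Creates per-app directories under the XDG user dirs for apps granted filesystem=xdg-*/NAME:create`. The flatpak profile continues outside the hunk.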
@@ -10,32 +10,28 @@ include
 @{exec_path} = @{bin}/iotop
 profile iotop @{exec_path} {
 include
- include
 include
+ include
- # Needed?
- audit deny capability net_admin,
-
- # To set processes' priorities
 capability sys_nice,
- @{exec_path} r,
- @{bin}/python3.@{int} r,
+ network netlink raw,
- @{bin}/file rix,
+ @{exec_path} r,
 @{bin}/ r,
+ @{bin}/file rix,
+ @{bin}/python3.@{int} r,
+
+ /etc/magic r,
 @{PROC}/ r,
- @{PROC}/vmstat r,
- owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/fd/ r,
 @{PROC}/@{pids}/cmdline r,
 @{PROC}/@{pids}/task/ r,
 @{PROC}/sys/kernel/pid_max r,
-
- # For file
- /etc/magic r,
+ @{PROC}/vmstat r,
+ owner @{PROC}/@{pid}/fd/ r,
+ owner @{PROC}/@{pid}/mounts r,
 include if exists
 }
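Review bot: The `# For file` comment was dropped when `/etc/magic r,` moved up, leaving no hint that the rule exists because `file` runs `rix` (inherits this profile) and reads its magic database; keep it, e.g. `# For file (rix)` on the line above the rule. The new `network netlink raw,` rule is likewise uncommented; I would assume it serves the taskstats interface iotop uses for per-task I/O accounting (confirm), e.g. `# taskstats over generic netlink, for per-task I/O accounting`. Dropping `audit deny capability net_admin,` does not widen the profile, since the capability is still not granted and the implicit denial is still logged; only the explicit audit marker goes. The `include` targets are not visible on this page, so I cannot tell which abstraction was swapped in the hunk's first lines.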