diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd
index 011272a2..78e16ddd 100644
--- a/apparmor.d/groups/freedesktop/plymouthd
+++ b/apparmor.d/groups/freedesktop/plymouthd
@@ -10,6 +10,7 @@ include <tunables/global>
 profile plymouthd @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/dri-common>
 
   capability sys_admin,
   capability sys_tty_config,
@@ -37,12 +38,12 @@ profile plymouthd @{exec_path} {
   @{sys}/class/drm/ r,
   @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/card[0-9]-{HDMI,VGA,LVDS,DP,eDP,Virtual}-*/uevent r,
   @{sys}/devices/pci[0-9]*/**/drm/card[0-9]/uevent r,
+  @{sys}/devices/pci[0-9]*/**/drm/renderD128/uevent r,
   @{sys}/devices/virtual/tty/console/active r,
   @{sys}/firmware/acpi/bgrt/{,*} r,
 
   @{PROC}/cmdline r,
 
-  /dev/dri/card[0-9]* rw,
   /dev/ptmx rw,
   /dev/tty[0-9]* rw,
 
diff --git a/apparmor.d/groups/ubuntu/do-release-upgrade b/apparmor.d/groups/ubuntu/do-release-upgrade
index 8140c18c..80ddfe97 100644
--- a/apparmor.d/groups/ubuntu/do-release-upgrade
+++ b/apparmor.d/groups/ubuntu/do-release-upgrade
@@ -15,14 +15,18 @@ profile do-release-upgrade @{exec_path} {
   include <abstractions/python>
   include <abstractions/ssl_certs>
 
+  capability net_admin,
+
   network inet dgram,
   network inet6 dgram,
   network inet stream,
   network inet6 stream,
+  network netlink raw,
 
   @{exec_path} mr,
 
   /{usr/,}bin/dpkg         rPx -> child-dpkg,
+  /{usr/,}bin/ischroot     rix,
   /{usr/,}bin/lsb_release  rPx -> lsb_release,
 
   /usr/share/distro-info/*.csv r,
@@ -31,10 +35,11 @@ profile do-release-upgrade @{exec_path} {
   /etc/machine-id r,
   /etc/update-manager/{,**} r,
 
-  /var/lib/update-manager/meta-release-* rw,
+  /var/lib/update-manager/* rw,
   /var/cache/apt/pkgcache.bin{,.*} rw,
 
   owner @{PROC}/@{pid}/fd/ r,
+        @{PROC}/@{pids}/mountinfo r,
 
   include if exists <local/do-release-upgrade>
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd
index d20aa7b6..a40c4249 100644
--- a/apparmor.d/profiles-a-f/apparmor.systemd
+++ b/apparmor.d/profiles-a-f/apparmor.systemd
@@ -11,6 +11,8 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
+  capability mac_admin,
+
   @{exec_path} mr,
 
   /{usr/,}{s,}bin/aa-status        rPx,
@@ -19,6 +21,8 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   /{usr/,}bin/{,e}grep             rix,
   /{usr/,}bin/getconf              rix,
   /{usr/,}bin/ls                   rix,
+  /{usr/,}bin/sed                  rix,
+  /{usr/,}bin/sort                 rix,
   /{usr/,}bin/systemd-detect-virt  rPx,
   /{usr/,}bin/xargs                rix,
 
@@ -28,6 +32,7 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
 
   @{sys}/fs/cgroup/systemd/ r,
   @{sys}/kernel/security/apparmor/{,**} r,
+  @{sys}/kernel/security/apparmor/.remove rw,
   @{sys}/module/apparmor/ r,
 
   @{PROC}/@{pids}/fd/ r,
diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser
index eb535fe5..a8886583 100644
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@@ -25,6 +25,8 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
   owner /var/cache/apparmor/{,**} rw,
   owner /var/lib/docker/tmp/docker-default[0-9]* r,
   owner /var/lib/snapd/apparmor/{,**} r,
+  
+  owner /tmp/cri-containerd.apparmor.d[0-9]* r,
 
   owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw,
         @{sys}/kernel/security/apparmor/{,**} r,