diff --git a/apparmor.d/groups/apt/apt-methods-mirror b/apparmor.d/groups/apt/apt-methods-mirror
index 2a0d20ff..4fa9a6b0 100644
--- a/apparmor.d/groups/apt/apt-methods-mirror
+++ b/apparmor.d/groups/apt/apt-methods-mirror
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -10,6 +11,7 @@ include
 profile apt-methods-mirror @{exec_path} {
 include
 include
+ include
 # The "_apt" user is created by the postinst script of the "apt" package. It's the owner of the
 # dirs "/var/cache/apt/archives/partial/" and "/var/lib/apt/lists/partial/" . The "_apt" user is
diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession
index 543ed3b2..12165235 100644
--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@@ -24,27 +24,32 @@ profile gdm-xsession @{exec_path} {
 @{bin}/gettext rix,
 @{bin}/gettext.sh r,
 @{bin}/gnome-session rix,
- @{bin}/gsettings rPx,
 @{bin}/id rix,
 @{bin}/locale rix,
 @{bin}/locale-check rix,
 @{bin}/mktemp rix,
+ @{bin}/run-parts rix,
 @{bin}/sed rix,
+ @{bin}/ssh-agent rix,
+ @{bin}/tail rix,
 @{bin}/tr rix,
 @{bin}/truncate rix,
 @{bin}/tty rix,
+ @{bin}/which{,.debianutils} rix,
 @{bin}/zsh rix,
- @{etc_ro}/X11/xdm/Xsession rPx,
 @{bin}/dbus-update-activation-environment rCx -> dbus,
+ @{bin}/dpkg-query rpx,
 @{bin}/flatpak rPUx,
+ @{bin}/gpgconf rPx,
+ @{bin}/gsettings rPx,
+ @{bin}/im-launch rPx,
 @{bin}/systemctl rPx -> child-systemctl,
 @{bin}/xbrlapi rPx,
 @{bin}/xhost rPx,
- @{bin}/im-launch rPx,
- @{bin}/gpgconf rPx,
- @{lib}/gnome-session-binary rPx,
- @{bin}/dpkg-query rpx,
+ @{bin}/xrdb rPx,
+ @{etc_ro}/X11/xdm/Xsession rPx,
+ @{lib}/gnome-session-binary rPx,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
 /usr/share/im-config/data/{,*} r,
diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4
index 764c871c..01f7de4d 100644
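Review bot: `@{bin}/ssh-agent rix` in the gdm-xsession hunk runs the agent inside the session profile's own confinement, so a long-lived process that holds unlocked SSH keys inherits every rule this profile has (the rix shells and text tools, the rPx/rPUx transitions, and whatever the profile grants outside this hunk). The same hunk already routes comparable helpers through their own profiles (`@{bin}/gpgconf rPx,`, `@{bin}/gsettings rPx,`), so if the set ships an ssh-agent profile the consistent rule is `@{bin}/ssh-agent rPx,`; if it does not, a `# TODO: ssh-agent should get a dedicated profile, ix inherits the whole session policy` comment records the gap. The profile body starts and ends outside the hunk, so the full inherited rule set cannot be checked from here.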
--- a/apparmor.d/profiles-a-f/exim4
+++ b/apparmor.d/profiles-a-f/exim4
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -10,9 +11,19 @@ include
 profile exim4 @{exec_path} {
 include
 include
+ include
 include
 include
+ capability chown,
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability net_admin,
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+
 network inet dgram,
 network inet6 dgram,
 network inet stream,
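Review bot: `capability net_admin,` is granted here with no justification, while the rule it replaces (removed in the next hunk) was `audit deny capability net_admin,` under a `# Needed?` comment, so the commit silently turns an audited denial into a grant of one of the broadest capabilities (interface, routing and netfilter control) for a network-facing daemon. Nothing in the diff shows the denial message that motivated it, unlike the removed rules, which each quoted the exact log line they fixed. I would keep the `audit deny` until an observed denial is in hand, or at minimum annotate the grant with the operation it unblocks in the style the old profile used, e.g. `# net_admin: needed for <Exim operation>, see audit log`. The include lines are stripped in this rendering, so whether the new third include is what makes the later removals of the resolv.conf and D-Bus socket rules safe cannot be confirmed from here.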
@@ -21,59 +32,26 @@ profile exim4 @{exec_path} {
 @{exec_path} mrix,
- # To bind to port 25/tcp
- capability net_bind_service,
-
- # To remove the following error:
- # exim4[]: exim: setgroups() failed: Operation not permitted
- capability setgid,
-
- # To remove the following error:
- # exim4[]: unable to set gid=110 or uid=105 (euid=0): calling tls_validate_require_cipher
- capability setuid,
-
- # To remove the following error:
- # exim4[]: Cannot open main log file "/var/log/exim4/mainlog": Permission denied: euid=0 egid=110
- capability dac_read_search,
- capability dac_override,
-
- # To remove the following error:
- # exim.c:774: chown(/var/spool/exim4//msglog//1kqH5Z-000RUf-UR, 105:110) failed (Operation not
- # permitted). Please contact the authors and refer to https://bugs.exim.org/show_bug.cgi?id=2391
- capability chown,
-
- # To remove the following error:
- # Couldn't chmod message log /var/spool/exim4//msglog//1kqH6c-000S7r-Ni: Operation not permitted
- capability fowner,
-
- # Needed?
- audit deny capability net_admin,
-
- /var/lib/exim4/config.autogenerated{,.tmp} r,
-
 /etc/email-addresses r,
 /etc/aliases r,
+ /var/lib/exim4/config.autogenerated{,.tmp} r,
+
+ /var/lib/dpkg/status r,
+ /var/log/cron-apt/lastfullmessage r,
 /var/log/exim4/ w,
 /var/log/exim4/mainlog w,
 /var/log/exim4/paniclog w,
 /var/log/exim4/rejectlog w,
- /var/spool/exim4/ r,
 /var/spool/exim4/** rwk,
 owner /var/mail/* rwkl -> /var/mail/*,
+ /tmp/#@{int} rw,
+
 @{run}/exim4/ r,
 owner @{run}/exim4/exim.pid rw,
- @{run}/resolvconf/resolv.conf r,
- owner @{run}/dbus/system_bus_socket rw,
-
- # file_inherit
- /tmp/#@{int} rw,
- /var/lib/dpkg/status r,
- /var/log/cron-apt/lastfullmessage r,
-
 include if exists
 }
diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings
index a56839da..cc8f83c3 100644
--- a/apparmor.d/profiles-g-l/gsettings
+++ b/apparmor.d/profiles-g-l/gsettings
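Review bot: `/var/spool/exim4/ r,` is removed while only `/var/spool/exim4/** rwk,` remains; elsewhere in this same diff the set spells the directory-plus-contents case as `{,**}` (`/usr/share/im-config/{,**} r,` in im-launch), which suggests `**` alone is not relied on to match the directory entry itself, so listing the spool directory may now be denied unless the new include (stripped in this rendering) covers it. Keeping `/var/spool/exim4/ r,` or writing `/var/spool/exim4/{,**} rwk,` avoids that regression when Exim scans its queue. The per-capability comments quoting the exact denial each rule resolved are also dropped here with nothing replacing them, and since those were the only record of why `chown`, `fowner`, `dac_override` and friends are needed, I'd keep at least a one-line reason next to each grant in the new capability block.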
@@ -21,9 +21,9 @@ profile gsettings @{exec_path} {
 /var/lib/gdm{3,}/.config/dconf/user r,
 /var/lib/gdm{3,}/greeter-dconf-defaults r,
- /dev/tty@{int} rw,
- owner @{run}/user/@{uid}/bus rw,
+ /dev/tty@{int} rw,
+
 include if exists
 }
diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch
index 67359d3d..98b4c9f7 100644
--- a/apparmor.d/profiles-g-l/im-launch
+++ b/apparmor.d/profiles-g-l/im-launch
@@ -12,15 +12,17 @@ profile im-launch @{exec_path} {
 @{exec_path} mr,
- @{bin}/{,ba,da}sh rix,
- @{bin}/gnome-session rix,
- @{bin}/env rix,
- @{bin}/locale rix,
- @{bin}/gettext{,.sh} rix,
- @{bin}/true rix,
- @{bin}/sed rix,
- @{bin}/dpkg-query rpx,
- @{bin}/uim-toolbar-gtk3 rPUx,
+ @{bin}/{,ba,da}sh rix,
+ @{bin}/dpkg-query rpx,
+ @{bin}/env rix,
+ @{bin}/gettext{,.sh} rix,
+ @{bin}/gnome-session rix,
+ @{bin}/gsettings rPx,
+ @{bin}/locale rix,
+ @{bin}/sed rix,
+ @{bin}/true rix,
+ @{bin}/uim-toolbar-gtk3 rPUx,
+ @{lib}/gnome-session-binary rPx,
 /usr/share/im-config/{,**} r,
@@ -30,7 +32,6 @@ profile im-launch @{exec_path} {
 owner @{HOME}/.xinputrc r,
- # file inherit
 owner /dev/tty@{int} rw,
 include if exists
diff --git a/apparmor.d/profiles-m-r/mkswap b/apparmor.d/profiles-m-r/mkswap
index da57d46d..53d145ba 100644
--- a/apparmor.d/profiles-m-r/mkswap
+++ b/apparmor.d/profiles-m-r/mkswap
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -13,11 +14,12 @@ profile mkswap @{exec_path} {
 @{exec_path} mr,
- owner @{PROC}/@{pid}/mounts r,
- @{PROC}/swaps r,
-
 # SWAP file common locations
 owner /swapfile rw,
+ owner /swap/swapfile rw,
+
+ @{PROC}/swaps r,
+ owner @{PROC}/@{pid}/mounts r,
 include if exists
 }