diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index 838d524c..3b024f80 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -86,7 +86,8 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
 owner @{HOME}/.pam_environment r,
- owner @{run}/user/@{uid}/keyring/control rw,
+ owner @{run}/systemd/seats/seat@{int} r,
+ owner @{run}/user/@{uid}/keyring/control rw,
 @{run}/cockpit/active.motd r,
 @{run}/faillock/[a-zA-z0-9]* rwk,
diff --git a/apparmor.d/groups/gnome/gnome-calculator-search-provider b/apparmor.d/groups/gnome/gnome-calculator-search-provider
index 8ba5634b..1bf36e05 100644
--- a/apparmor.d/groups/gnome/gnome-calculator-search-provider
+++ b/apparmor.d/groups/gnome/gnome-calculator-search-provider
@@ -21,7 +21,7 @@ profile gnome-calculator-search-provider @{exec_path} {
 signal (send) set=kill peer=unconfined,
- @{exec_path} mr,
+ @{exec_path} mrix,
 /{usr/,}bin/[a-z0-9]* rPUx,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata
index 3120e5bd..fbd27323 100644
--- a/apparmor.d/groups/gvfs/gvfsd-metadata
+++ b/apparmor.d/groups/gvfs/gvfsd-metadata
@@ -16,11 +16,18 @@ profile gvfsd-metadata @{exec_path} {
 network netlink raw,
+ signal (receive) set=(usr1) peer=pacman,
+
 dbus bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={RequestName,ReleaseName} peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+ dbus receive bus=session
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(name=:*, label=gnome-shell),
+
 dbus receive bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties member=GetAll
diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index 958f3ad4..acec19ad 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
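Review bot: The new `owner @{run}/systemd/seats/seat@{int} r,` line only matches numerically named seats such as seat0, but logind seat IDs must merely start with "seat" and additional seats configured through udev ID_SEAT are usually named like seat-1, so a multi-seat host would hit a fresh denial on the same code path; `owner @{run}/systemd/seats/seat* r,` covers both shapes (verify on a multi-seat machine before widening). Two lines below, the unchanged `@{run}/faillock/[a-zA-z0-9]*` uses the range `A-z`, which also spans the six ASCII punctuation characters between Z and a; `[a-zA-Z0-9]` is presumably what was meant and is cheap to fix in the same commit.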
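Review bot: The change from `mr` to `mrix` on `@{exec_path}` lets the search provider re-execute its own binary under the same confinement, but the hunk does not record which code path does that, so the rule is hard to audit later; a comment on the rule such as `# ix: the provider re-executes itself -- TODO confirm the trigger from the audit log` would keep it from being reverted as unnecessary. The unchanged `/{usr/,}bin/[a-z0-9]* rPUx,` on the next line remains the far broader grant in this block (any binary in bin, with an unconfined fallback), and the rest of this diff already uses the `@{bin}` tunable, so converting it to `@{bin}/` while here would keep the file consistent.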
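Review bot: The added `signal (receive) set=(usr1) peer=pacman,` pairs with the `signal (send) set=(usr1) peer=gvfsd,` added in the pacman hunk that follows in this diff, but the two peer labels do not match: this profile is named `gvfsd-metadata`, while pacman's send rule only permits a peer whose label is exactly `gvfsd`, so pacman's SIGUSR1 to gvfsd-metadata would still be refused on the sending side. Unless a separate `gvfsd` profile is the intended target, pacman's rule should read `signal (send) set=(usr1) peer=gvfsd-metadata,` (or `peer=gvfsd*` if both daemons are signalled). The Introspect receive rule is fine as written; tying it to `label=gnome-shell` rather than to any `:*` connection is the right scoping.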
@@ -28,6 +28,7 @@ profile pacman @{exec_path} {
 capability setgid,
 capability setuid,
 capability sys_chroot,
+ capability sys_ptrace,
 capability sys_resource,
 network inet stream,
@@ -39,6 +40,8 @@ profile pacman @{exec_path} {
 ptrace (read),
+ signal (send) set=(usr1) peer=gvfsd,
+
 @{exec_path} mrix,
 @{bin}/gpg{,2} rCx -> gpg,
diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify
index 014b5ecf..6d742cb5 100644
--- a/apparmor.d/profiles-a-f/aa-notify
+++ b/apparmor.d/profiles-a-f/aa-notify
@@ -36,7 +36,7 @@ profile aa-notify @{exec_path} {
 owner @{HOME}/.inputrc r,
 owner @{HOME}/.terminfo/@{int}/dumb r,
- owner /tmp/[a-z0-9]* rw,
+ owner /tmp/_@{c}@{rand6} rw,
 owner /tmp/apparmor-bugreport-*.txt rw,
 @{PROC}/ r,
diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent
index 4c166422..f76cf3fc 100644
--- a/apparmor.d/profiles-s-z/spice-vdagent
+++ b/apparmor.d/profiles-s-z/spice-vdagent
@@ -53,6 +53,11 @@ profile spice-vdagent @{exec_path} {
 member=Embed
 peer=(name=org.a11y.atspi.Registry), # all peer's labels
+ dbus receive bus=session path=/
+ interface=org.freedesktop.DBus.Introspectable
+ member=Introspect
+ peer=(name=:*, label=gnome-shell),
+
 @{exec_path} mr,
 /usr/share/pipewire/client-rt.conf r,
diff --git a/apparmor.d/profiles-s-z/vlc b/apparmor.d/profiles-s-z/vlc
index cdee0d5f..dbd26f0b 100644
--- a/apparmor.d/profiles-s-z/vlc
+++ b/apparmor.d/profiles-s-z/vlc
@@ -19,6 +19,7 @@ profile vlc @{exec_path} {
 include
 include
 include
+ include
 include
 include
 include
@@ -159,6 +160,8 @@ profile vlc @{exec_path} {
 /dev/shm/#@{int} rw,
 /dev/tty r,
 owner /dev/tty@{int} rw,
+ /dev/snd/ r,
+ /dev/video@{int} rw,
 # Silencer
 deny @{lib}/@{multiarch}/vlc/{,**} w,
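Review bot: `capability sys_ptrace` added to the main pacman profile is a broad grant (it relaxes the kernel's ptrace access checks and /proc visibility for other users' processes, well beyond the `ptrace (read)` rule already present in the next hunk), and nothing in the hunk says which transaction step needs it; at minimum a comment such as `# sys_ptrace: needed by <hook or step> -- TODO confirm from the audit log` should accompany it. If the trigger turns out to be a hook script rather than pacman itself, the capability belongs in that hook's child profile instead of here.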
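Review bot: Narrowing `owner /tmp/[a-z0-9]* rw,` to `owner /tmp/_@{c}@{rand6} rw,` is a good tightening, but the underscore-plus-seven-character shape is opaque without the producer being named, so the next denial on a slightly different name will invite re-widening; a comment on the new line, e.g. `# scratch file created by <library> -- TODO name the producer`, would anchor the pattern to its source.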
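Review bot: The new Introspect receive rule pins `path=/`, whereas the otherwise identical rule added to gvfsd-metadata earlier in this diff carries no path at all; if gnome-shell also introspects child objects, further denials on sub-paths will follow (confirm from the log). Either drop the path to match gvfsd-metadata or keep it and state why the root object suffices, e.g. `# only the root object is introspected`. The a11y `dbus send` rule that the leading context lines belong to starts above this hunk.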