diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt
index 369dd3bb..c0545f2e 100644
--- a/apparmor.d/groups/apt/apt
+++ b/apparmor.d/groups/apt/apt
@@ -130,6 +130,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
   /var/lib/update-notifier/dpkg-run-stamp rw,
 
   /var/log/apt/{,**} rw,
+  /var/log/ubuntu-advantage-apt-hook.log w,
 
   # For package building
   @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
diff --git a/apparmor.d/groups/bus/dbus-accessibility b/apparmor.d/groups/bus/dbus-accessibility
index e8f0328a..35a50755 100644
--- a/apparmor.d/groups/bus/dbus-accessibility
+++ b/apparmor.d/groups/bus/dbus-accessibility
@@ -26,6 +26,8 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
   signal (receive) set=(term hup kill) peer=dbus-session,
   signal (receive) set=(term hup kill) peer=gdm{,-session-worker},
 
+  unix type=stream addr=none peer=(label=xorg, addr=@/tmp/.X11-unix/X0),
+
   #aa:dbus own bus=accessibility name=org.freedesktop.DBus
   #aa:dbus own bus=session name=org.a11y.{B,b}us
   dbus receive bus=accessibility path=/org/freedesktop/DBus
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index 0f23d583..90016a8e 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -45,6 +45,11 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
 
   network netlink raw,
 
+  dbus send bus=system path=/org/freedesktop/login1/session/*
+       interface=org.freedesktop.login1.Session
+       member=ReleaseControl
+       peer=(name=org.freedesktop.login1, label=systemd-logind),
+
   @{exec_path} mrix,
 
   @{sh_path}        rix,
diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm
index 6bafb132..fc7ff4bb 100644
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@@ -50,7 +50,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
   @{bin}/plymouth                  rPx,
   @{bin}/prime-switch             rPUx,
   @{bin}/sleep                     rix,
-  @{bin}/systemd-cat               rPx,
+  @{bin}/systemd-cat               rix,
   @{lib}/{,gdm/}gdm-session-worker rPx,
   /etc/gdm{3,}/PrimeOff/Default    rix,
 
diff --git a/apparmor.d/groups/gnome/gdm-prime-defaut b/apparmor.d/groups/gnome/gdm-prime-defaut
index 189e166f..eea0ee3b 100644
--- a/apparmor.d/groups/gnome/gdm-prime-defaut
+++ b/apparmor.d/groups/gnome/gdm-prime-defaut
@@ -12,6 +12,9 @@ profile gdm-prime-defaut @{exec_path} flags=(complain) {
 
   @{exec_path} mr,
 
+  @{sh_path}           r,
+  @{bin}/prime-offload ix,
+
   include if exists <local/gdm-prime-defaut>
 }
 
diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager
index de3a180b..1bb2de23 100644
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@@ -43,6 +43,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 
   #aa:dbus own bus=system name=org.freedesktop.NetworkManager
 
+  #aa:dbus talk bus=system name=fi.w1.wpa_supplicant1 label=wpa-supplicant
   #aa:dbus talk bus=system name=org.fedoraproject.FirewallD1 label=firewalld
   #aa:dbus talk bus=system name=org.freedesktop.nm_dispatcher label=nm-dispatcher
   #aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved
diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher
index 40984f7f..ee2e5274 100644
--- a/apparmor.d/groups/network/nm-dispatcher
+++ b/apparmor.d/groups/network/nm-dispatcher
@@ -51,7 +51,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
   @{bin}/run-parts          rCx -> run-parts,
   @{bin}/sed                rix,
   @{bin}/systemctl          rCx -> systemctl,
-  @{bin}/systemd-cat        rPx,
+  @{bin}/systemd-cat        rix,
   @{bin}/tr                 rix,
   /usr/share/tlp/tlp-readconfs  rPUx,
 
diff --git a/apparmor.d/groups/ssh/sshfs b/apparmor.d/groups/ssh/sshfs
index a367b0f7..173b6602 100644
--- a/apparmor.d/groups/ssh/sshfs
+++ b/apparmor.d/groups/ssh/sshfs
@@ -13,6 +13,10 @@ profile sshfs @{exec_path} flags=(complain) {
 
   mount fstype=fuse.sshfs -> @{HOME}/*/,
   mount fstype=fuse.sshfs -> @{HOME}/*/*/,
+  mount fstype=fuse.sshfs -> @{MOUNTDIRS}/,
+  mount fstype=fuse.sshfs -> @{MOUNTS}/,
+  mount fstype=fuse.sshfs -> @{MOUNTS}/*/,
+  mount fstype=fuse.sshfs -> @{MOUNTS}/*/*/,
 
   unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount",addr=none),
 
@@ -33,6 +37,17 @@ profile sshfs @{exec_path} flags=(complain) {
 
     mount fstype={fuse,fuse.sshfs} -> @{HOME}/*/,
     mount fstype={fuse,fuse.sshfs} -> @{HOME}/*/*/,
+    mount fstype={fuse,fuse.sshfs} -> @{MOUNTDIRS}/,
+    mount fstype={fuse,fuse.sshfs} -> @{MOUNTS}/,
+    mount fstype={fuse,fuse.sshfs} -> @{MOUNTS}/*/,
+    mount fstype={fuse,fuse.sshfs} -> @{MOUNTS}/*/*/,
+    
+    umount @{HOME}/*/,
+    umount @{HOME}/*/*/,
+    umount @{MOUNTDIRS}/,
+    umount @{MOUNTS}/,
+    umount @{MOUNTS}/*/,
+    umount @{MOUNTS}/*/*/,
 
     unix (connect, send, receive) type=stream peer=(label="sshfs",addr=none),
 
diff --git a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
index b16577de..4c57d020 100644
--- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
+++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
@@ -13,6 +13,7 @@ profile systemd-tty-ask-password-agent @{exec_path} {
   include <abstractions/common/systemd>
 
   capability dac_override,
+  capability dac_read_search,
   capability net_admin,
   capability sys_resource,
 
diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd
index b8a0c7e4..f52a2fc6 100644
--- a/apparmor.d/groups/systemd/systemd-udevd
+++ b/apparmor.d/groups/systemd/systemd-udevd
@@ -95,6 +95,8 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
   @{run}/systemd/notify rw,
   @{run}/systemd/seats/seat@{int} r,
 
+  @{att}/@{run}/udev/control rw,
+
   @{run}/udev/ rw,
   @{run}/udev/** rwk,
 
diff --git a/apparmor.d/groups/virt/cockpit-bridge b/apparmor.d/groups/virt/cockpit-bridge
index 1766cd2f..94b18516 100644
--- a/apparmor.d/groups/virt/cockpit-bridge
+++ b/apparmor.d/groups/virt/cockpit-bridge
@@ -114,7 +114,7 @@ profile cockpit-bridge @{exec_path} {
     include <abstractions/base>
     include <abstractions/app/sudo>
 
-    signal (send receive) set=term peer=cockpit-bridge,
+    signal (send receive) set=(cont hup term) peer=cockpit-bridge,
 
     @{bin}/cockpit-bridge Px,
     @{lib}/cockpit/cockpit-askpass Px,
diff --git a/apparmor.d/groups/whonix/anondate b/apparmor.d/groups/whonix/anondate
index d3951756..27e4eb59 100644
--- a/apparmor.d/groups/whonix/anondate
+++ b/apparmor.d/groups/whonix/anondate
@@ -22,7 +22,7 @@ profile anondate @{exec_path} {
   @{bin}/grep rix,
   @{bin}/minimum-unixtime-show rix,
   @{bin}/rm rix,
-  @{bin}/systemd-cat rPx,
+  @{bin}/systemd-cat rix,
   @{bin}/tee rix,
   @{bin}/timeout rix,
   @{bin}/tor-circuit-established-check  rix,
diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd
index ee7efdcf..8ca699aa 100644
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@@ -25,20 +25,15 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) {
 
   #aa:dbus own bus=system name=org.bluez
 
-  dbus receive bus=system path=/
+  dbus send bus=system path=/{,MediaEndpoint}
        interface=org.freedesktop.DBus.ObjectManager
        member=GetManagedObjects
-       peer=(name=:*, label="{brave,NetworkManager,pulseaudio,upowerd}"),
-
-  dbus send bus=system path=/MediaEndpoint
-       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
-       peer=(name=:*, label=pulseaudio),
+       peer=(name=@{busname}),
 
   dbus send bus=system path=/
        interface=org.freedesktop.DBus.ObjectManager
        member=InterfacesRemoved
-       peer=(name=org.freedesktop.DBus, label="{jwupd,NetworkManager,pulseaudio,upowerd}"),
+       peer=(name=org.freedesktop.DBus),
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd
index 643bbe96..5abf1d29 100644
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@@ -38,17 +38,13 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   network netlink raw,
 
   #aa:dbus own bus=system name=org.freedesktop.fwupd path=/
+  #aa:dbus talk bus=system name=org.freedesktop.UDisks2 label=udisksd
 
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member={GetConnectionUnixUser,GetConnectionUnixProcessID}
        peer=(name=org.freedesktop.DBus, label="@{p_dbus_system}"),
 
-  dbus send bus=system path=/org/freedesktop/UDisks2/Manager
-       interface=org.freedesktop.UDisks2.Manager
-       member=GetBlockDevices
-       peer=(name=:*, label=udisksd),
-
   @{exec_path} mr,
 
   @{lib}/fwupd/fwupd-detect-cet rix,
diff --git a/apparmor.d/profiles-g-l/gpu-manager b/apparmor.d/profiles-g-l/gpu-manager
index 8cc49acd..795c92f0 100644
--- a/apparmor.d/profiles-g-l/gpu-manager
+++ b/apparmor.d/profiles-g-l/gpu-manager
@@ -25,6 +25,7 @@ profile gpu-manager @{exec_path} {
   /var/lib/ubuntu-drivers-common/* rw,
 
   /var/log/gpu-manager.log w,
+  /var/log/gpu-manager-switch.log w,
 
   @{sys}/devices/@{pci}/boot_vga r,
   @{sys}/module/compression r,
diff --git a/apparmor.d/profiles-m-r/mount-cifs b/apparmor.d/profiles-m-r/mount-cifs
index 78651ba2..190db34d 100644
--- a/apparmor.d/profiles-m-r/mount-cifs
+++ b/apparmor.d/profiles-m-r/mount-cifs
@@ -12,16 +12,29 @@ profile mount-cifs @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
-  # To mount anything.
   capability sys_admin,
-
-  # (#FIXME#)
   capability setpcap,
 
+  network inet dgram,
   network inet stream,
+  network inet6 dgram,
   network inet6 stream,
   network netlink raw,
 
+  mount fstype=cifs -> @{HOME}/*/,
+  mount fstype=cifs -> @{HOME}/*/*/,
+  mount fstype=cifs -> @{MOUNTDIRS}/,
+  mount fstype=cifs -> @{MOUNTS}/,
+  mount fstype=cifs -> @{MOUNTS}/*/,
+  mount fstype=cifs -> @{MOUNTS}/*/*/,
+
+  umount @{HOME}/*/,
+  umount @{HOME}/*/*/,
+  umount @{MOUNTDIRS}/,
+  umount @{MOUNTS}/,
+  umount @{MOUNTS}/*/,
+  umount @{MOUNTS}/*/*/,
+
   @{exec_path} mr,
 
   @{bin}/systemd-ask-password rPUx,
@@ -31,18 +44,12 @@ profile mount-cifs @{exec_path} flags=(complain) {
   owner @{HOME}/.smbcredentials r,
 
   # Mount points
+  @{HOME}/*/ r,
+  @{HOME}/*/*/ r,
   @{MOUNTDIRS}/ r,
   @{MOUNTS}/ r,
   @{MOUNTS}/*/ r,
-
-  # Allow to mount smb/cifs disks only under the /media/ dirs
-  mount fstype=cifs -> @{MOUNTDIRS}/,
-  mount fstype=cifs -> @{MOUNTS}/,
-  mount fstype=cifs -> @{MOUNTS}/*/,
-
-  umount @{MOUNTDIRS}/,
-  umount @{MOUNTS}/,
-  umount @{MOUNTS}/*/,
+  @{MOUNTS}/*/*/ r,
 
   include if exists <local/mount-cifs>
 }
diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd
index 909112a7..90ea63dd 100644
--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@@ -132,7 +132,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   @{sys}/class/nvme/ r,
   @{sys}/devices/@{pci}/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w,
   @{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw,
-  @{sys}/devices/@{pci}/uevent r,
+  @{sys}/devices/@{pci}/uevent rw,
   @{sys}/devices/**/net/*/ r,
   @{sys}/devices/**/uevent r,
   @{sys}/devices/virtual/bdi/**/read_ahead_kb r,
diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber
index 87b4e27c..cc19872c 100644
--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
@@ -24,7 +24,7 @@ profile wireplumber @{exec_path} {
   network bluetooth stream,
   network netlink raw,
 
-  #aa:dbus own bus=session name=org.freedesktop.ReserveDevice1.Audio0
+  #aa:dbus own bus=session name=org.freedesktop.ReserveDevice1.Audio@{int}
 
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit
index 0801ac18..a332bd20 100644
--- a/apparmor.d/profiles-s-z/xinit
+++ b/apparmor.d/profiles-s-z/xinit
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/xinit
 profile xinit @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-session>
   include <abstractions/nameservice-strict>
 
   signal (receive) set=(usr1) peer=xorg,