diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium
index b6e9de32..2a7af7f8 100644
--- a/apparmor.d/abstractions/chromium
+++ b/apparmor.d/abstractions/chromium
@@ -148,12 +148,13 @@
   @{sys}/bus/ r,
   @{sys}/bus/**/devices/ r,
   @{sys}/class/**/ r,
-  @{sys}/devices/**/uevent r,
   @{sys}/devices/@{pci}/{in_intensity_sampling_frequency,in_intensity_scale,in_illuminance_raw} r,
   @{sys}/devices/@{pci}/boot_vga r,
   @{sys}/devices/@{pci}/report_descriptor r,
+  @{sys}/devices/**/uevent r,
   @{sys}/devices/system/cpu/kernel_max r,
   @{sys}/devices/virtual/**/report_descriptor r,
+  @{sys}/devices/virtual/tty/tty@{int}/active r,
 
   @{PROC}/ r,
   @{PROC}/@{pid}/fd/ r,
diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd
index 2920a65c..fcd1ab43 100644
--- a/apparmor.d/groups/_full/systemd
+++ b/apparmor.d/groups/_full/systemd
@@ -169,7 +169,8 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
   @{sys}/devices/virtual/dmi/id/product_name r,
   @{sys}/devices/virtual/dmi/id/product_version r,
   @{sys}/devices/virtual/tty/console/active r,
-  @{sys}/fs/**/ r,
+  @{sys}/fs/fuse/connections/ r,
+  @{sys}/fs/pstore/ r,
   @{sys}/fs/cgroup/{,**} rw,
   @{sys}/kernel/**/ r,
   @{sys}/module/**/uevent r,
diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session
index 896777d9..d098d7e8 100644
--- a/apparmor.d/groups/freedesktop/pipewire-media-session
+++ b/apparmor.d/groups/freedesktop/pipewire-media-session
@@ -23,6 +23,8 @@ profile pipewire-media-session @{exec_path} {
   network bluetooth stream,
   network netlink raw,
 
+  signal (receive) set=(cont term) peer=@{systemd_user},
+
   dbus receive bus=session
        interface=org.freedesktop.DBus.Introspectable
        member=Introspect
diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd
index e1f45fb0..6fc6bde8 100644
--- a/apparmor.d/groups/freedesktop/polkitd
+++ b/apparmor.d/groups/freedesktop/polkitd
@@ -25,7 +25,7 @@ profile polkitd @{exec_path} flags=(attach_disconnected) {
 
   dbus send bus=system path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
-       member={GetConnectionUnixProcessID,GetConnectionUnixUser}
+       member={GetConnectionUnixProcessID,GetConnectionUnixUser,GetConnectionCredentials}
        peer=(name=org.freedesktop.DBus, label=dbus-daemon),
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
index 0d6cdc46..2963a801 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@@ -37,6 +37,10 @@ profile xdg-desktop-portal-gtk @{exec_path} {
   dbus receive bus=session path=/org/freedesktop/portal/desktop
        interface=org.freedesktop.impl.portal.Settings
        peer=(name=:*),
+  dbus send bus=session path=/org/freedesktop/portal/desktop
+       interface=org.freedesktop.impl.portal.Settings
+       member=SettingChanged
+       peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal),
 
   dbus send bus=session path=/org/gtk/Notifications
        interface=org.freedesktop.DBus.Properties
diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index b41f0731..d3b1ad2b 100644
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -25,6 +25,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
 
   network netlink raw,
 
+  signal (receive) set=(cont term) peer=@{systemd_user},
   signal (receive) set=(term) peer=gdm,
 
   # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract
diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner
index 554e4e44..0a98a387 100644
--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
@@ -25,6 +25,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
 
   network netlink raw,
 
+  signal (receive) set=(cont term) peer=@{systemd_user},
   signal (receive) set=(term, kill) peer=gdm,
   signal (receive) set=(hup) peer=gdm-session-worker,
 
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 8a640b31..74ad46b8 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -54,6 +54,8 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 
   ptrace (read,trace) peer=@{systemd},
 
+  unix (bind) type=stream addr=@@{hex}/bus/sshd/system,
+
   dbus send bus=system path=/org/freedesktop/login1
        interface=org.freedesktop.login1.Manager
        member={CreateSession,ReleaseSession,CreateSessionWithPIDFD}
diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl
index 6a9e6cb9..3bfe27a1 100644
--- a/apparmor.d/groups/systemd/networkctl
+++ b/apparmor.d/groups/systemd/networkctl
@@ -16,14 +16,16 @@ profile networkctl @{exec_path} flags=(attach_disconnected) {
   capability sys_module,
   audit capability sys_resource,
 
-  ptrace (read) peer=@{systemd},
-
-  signal send peer=child-pager,
-
   network inet dgram,
   network inet6 dgram,
   network netlink raw,
 
+  signal send peer=child-pager,
+
+  ptrace (read) peer=@{systemd},
+
+  unix (bind) type=stream addr=@@{hex}/bus/networkctl/system,
+
   # dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed
index 41fb0dea..8a1810c6 100644
--- a/apparmor.d/groups/systemd/systemd-hostnamed
+++ b/apparmor.d/groups/systemd/systemd-hostnamed
@@ -16,6 +16,8 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
 
   capability sys_admin, # To set a hostname
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-hostnam/system,
+
   # dbus: own bus=system name=org.freedesktop.hostname1
 
   dbus send bus=system path=/org/freedesktop/DBus
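Review bot: The new `unix (bind)` rule in the sshd hunk has no comment saying what the abstract address stands for, and the same undocumented pattern is added in the networkctl, systemd-hostnamed, systemd-logind, systemd-networkd, systemd-timedated, systemd-timesyncd, systemd-update-utmp, systemd-user-runtime-dir and snapd hunks. The `@<hex>/bus/<comm>/<description>` shape looks like sd-bus labelling its own client socket, with the comm segment cut at 15 characters (`systemd-hostnam`, `systemd-timedat`, `systemd-timesyn`, `systemd-update-`, `systemd-user-ru`), which a later reader could mistake for typos and "fix" — please confirm against the sd-bus version this was traced with. Suggest documenting it once, above this first occurrence: `# sd-bus names its client socket @<random>/bus/<comm>/<description>; comm is truncated to 15 chars (TASK_COMM_LEN)`. Granting only `bind` with no `listen`/`accept` is the right minimum for a client-side socket, so keep it that narrow wherever the rule is copied.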
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index d896c5d6..5b8671c7 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -29,6 +29,8 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 
   # mqueue r type=posix /,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-logind/system,
+
   # dbus: own bus=system name=org.freedesktop.login1
   # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"
 
@@ -131,10 +133,10 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
   @{PROC}/sysvipc/{shm,sem,msg} r,
   owner @{PROC}/@{pid}/fdinfo/@{int} r,
 
-  /dev/dri/card@{int} rw,
-  /dev/input/event@{int} rw, # Input devices (keyboard, mouse, etc)
-  /dev/mqueue/ r,
-  /dev/tty@{int} rw,
+  /dev/dri/card@{int} rw,
+  /dev/input/event@{int} rw, # Input devices (keyboard, mouse, etc)
+  /dev/mqueue/ r,
+  /dev/tty@{int} rw,
   owner /dev/shm/{,**/} rw,
 
   include if exists
diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd
index ab144453..61d41284 100644
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -27,6 +27,8 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
   network packet dgram,
   network packet raw,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-network/bus-api-network,
+
   # dbus: own bus=system name=org.freedesktop.network1
 
   dbus send bus=system path=/org/freedesktop/hostname1
diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated
index be9d0568..253a3236 100644
--- a/apparmor.d/groups/systemd/systemd-timedated
+++ b/apparmor.d/groups/systemd/systemd-timedated
@@ -15,6 +15,8 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 
   capability sys_time,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-timedat/system,
+
   # dbus: own bus=system name=org.freedesktop.timedate1
 
   dbus send bus=system path=/org/freedesktop/systemd1/unit/*
diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd
index 6c87222b..3bafe890 100644
--- a/apparmor.d/groups/systemd/systemd-timesyncd
+++ b/apparmor.d/groups/systemd/systemd-timesyncd
@@ -21,6 +21,8 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
   network inet stream,
   network inet6 stream,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-timesyn/bus-api-timesync,
+
   # dbus: own bus=system name=org.freedesktop.timesync1
 
   @{exec_path} mr,
diff --git a/apparmor.d/groups/systemd/systemd-update-utmp b/apparmor.d/groups/systemd/systemd-update-utmp
index ae45f119..d4859606 100644
--- a/apparmor.d/groups/systemd/systemd-update-utmp
+++ b/apparmor.d/groups/systemd/systemd-update-utmp
@@ -17,6 +17,8 @@ profile systemd-update-utmp @{exec_path} {
 
   network netlink raw,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-update-/,
+
   @{exec_path} mr,
 
   @{run}/host/container-manager r,
diff --git a/apparmor.d/groups/systemd/systemd-user-runtime-dir b/apparmor.d/groups/systemd/systemd-user-runtime-dir
index 74ddfa68..d80e4a24 100644
--- a/apparmor.d/groups/systemd/systemd-user-runtime-dir
+++ b/apparmor.d/groups/systemd/systemd-user-runtime-dir
@@ -23,6 +23,8 @@ profile systemd-user-runtime-dir @{exec_path} {
   mount fstype=tmpfs options=(rw,nosuid,nodev) -> @{run}/user/@{uid}/,
   umount @{run}/user/@{uid}/,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-user-ru/system,
+
   @{exec_path} mr,
 
   /etc/machine-id r,
diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm
index 85144b65..5ec1d859 100644
--- a/apparmor.d/profiles-g-l/lvm
+++ b/apparmor.d/profiles-g-l/lvm
@@ -23,9 +23,12 @@ profile lvm @{exec_path} flags=(attach_disconnected) {
 
   ptrace (read),
 
+  # mqueue r type=posix /,
+
   @{exec_path} rm,
 
   @{etc_rw}/lvm/** rwkl,
+  /etc/multipath.conf r,
 
   @{run}/lock/ rw,
   @{run}/lock/lvm/ rw,
diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd
index 114f6592..130b8dcc 100644
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@@ -48,6 +48,8 @@ profile snapd @{exec_path} {
   ptrace (read) peer=snap,
   ptrace (read) peer=@{systemd},
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemctl/,
+
   dbus send bus=system path=/org/freedesktop/
        interface=org.freedesktop.login1.Manager
        member={SetWallMessage,ScheduleShutdown}
diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d
index de01f017..69bf2646 100644
--- a/apparmor.d/tunables/home.d/apparmor.d
+++ b/apparmor.d/tunables/home.d/apparmor.d
@@ -46,7 +46,7 @@
 @{user_lib_dirs}=@{HOME}/@{XDG_LIB_DIR}
 
 # User build directories and output
-@{user_build_dirs}="/tmp/"
+@{user_build_dirs}="/tmp/build/"
 @{user_pkg_dirs}="/tmp/pkg/"
 @{user_tmp_dirs}=@{run}/user/@{uid} /tmp/
 @{user_img_dirs}=@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}
diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths
index 4c6b97a0..7763d928 100644
--- a/apparmor.d/tunables/multiarch.d/paths
+++ b/apparmor.d/tunables/multiarch.d/paths
@@ -4,9 +4,11 @@
 
 # Define some paths for some commonly used programs
 
-# All the shells
+# Default distribution shells
 @{sh} = sh zsh bash dash
 @{sh_path} = @{bin}/@{sh}
+
+# All interactive shells users may want to use
 @{shells} = sh zsh bash dash fish rbash ksh tcsh csh
 @{shells_path} = @{bin}/@{shells}
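Review bot: The commented-out `# mqueue r type=posix /,` in the lvm hunk gives no reason for being disabled, so a later maintainer cannot tell whether it is parked until the running parser and kernel accept mqueue rules or was found unnecessary; the systemd-logind hunk carries the same bare form in its context. Suggest stating it inline, `# mqueue r type=posix /, # disabled: <reason, e.g. pending mqueue rule support>`, so the intent survives the next cleanup. The new `/etc/multipath.conf r,` is read-only and narrow, which is fine as is.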
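Review bot: The comm segment of the new address in the snapd hunk is `systemctl`, not `snapd`, so this rule only takes effect if snapd's systemctl child keeps running under the snapd profile (an `ix`-style transition); if snapd transitions it to a dedicated systemctl profile, the bind rule belongs in that profile and is dead here — confirm which transition the profile uses before merging. The trailing `/` (empty description segment) is shared only with the systemd-update-utmp hunk and otherwise reads like a truncated line, so a short trailing comment would help, e.g. `unix (bind) type=stream addr=@@{hex}/bus/systemctl/, # systemctl run by snapd; no sd-bus description set` (adjust the reason if it turns out to differ).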