diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 2695a1bf7..4741b0f31 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -23,17 +23,25 @@ profile gvfsd-fuse @{exec_path} { dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker member=RegisterFuse - peer=(name=:*, label=gvfsd), + peer=(name=@{busname}, label=gvfsd), dbus receive bus=session path=/ interface=org.freedesktop.DBus.Introspectable member=Introspect - peer=(name=:*, label=gnome-shell), + peer=(name=@{busname}, label=gnome-shell), + + dbus send bus=session path=/org/gtk/vfs/Daemon + interface=org.gtk.vfs.Daemon + member=GetConnection + peer=(name=@{busname}, label=gvfsd-sftp), @{exec_path} mr, @{bin}/fusermount{,3} rCx -> fusermount, + owner @{run}/user/@{uid}/gvfsd-fuse/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} w, + @{PROC}/sys/fs/pipe-max-size r, /dev/fuse rw, diff --git a/apparmor.d/groups/gvfs/gvfsd-sftp b/apparmor.d/groups/gvfs/gvfsd-sftp index 76bb55e98..1019a1525 100644 --- a/apparmor.d/groups/gvfs/gvfsd-sftp +++ b/apparmor.d/groups/gvfs/gvfsd-sftp 
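Review bot: The new rule `owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} w,` grants write only, while the gvfsd-wsdd profile touched by this same commit lists the identical path with `rw`. Please confirm from the audit log that `w` alone lets gvfsd-fuse connect to the backend socket on the kernels this policy targets. If it does, a short comment such as `# connect only, read not required` would explain the difference. The added GetConnection send rule is also pinned to `label=gvfsd-sftp`, so other gvfs backends presumably still need their own rule.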
@@ -17,28 +17,26 @@ profile gvfsd-sftp @{exec_path} { include #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int} + #aa:dbus talk bus=session name=org.gtk.vfs.{M,m}ountTracker label=gvfsd dbus receive bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon member=GetConnection - peer=(name=@{busname}, label=gnome-extension-gsconnect), - dbus receive bus=session path=/org/gtk/vfs/Daemon - interface=org.gtk.vfs.Daemon - member=GetConnection - peer=(name=@{busname}, label=nautilus), + peer=(name=@{busname}), dbus receive bus=session path=/org/gtk/vfs/mountable interface=org.gtk.vfs.Mountable member=Mount - peer=(name=:*, label=gvfsd), + peer=(name=@{busname}, label=gvfsd), dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int} interface=org.gtk.vfs.Spawner member=Spawned - peer=(name=:*, label=gvfsd), - dbus send bus=session path=/org/gtk/vfs/mounttracker - interface=org.gtk.vfs.MountTracker - member=RegisterMount - peer=(name=:*, label=gvfsd), + peer=(name=@{busname}, label=gvfsd), + + dbus send bus=session path=/org/gtk/gvfs/mountop/@{int} + interface=org.gtk.vfs.MountOperation + member={AskQuestion,AskPassword} + peer=(name=@{busname}), @{exec_path} mr, diff --git a/apparmor.d/groups/gvfs/gvfsd-wsdd b/apparmor.d/groups/gvfs/gvfsd-wsdd index 0dee4e73b..7f4c20718 100644 --- a/apparmor.d/groups/gvfs/gvfsd-wsdd +++ b/apparmor.d/groups/gvfs/gvfsd-wsdd @@ -15,6 +15,7 @@ profile gvfsd-wsdd @{exec_path} { include include + network inet dgram, # ip=127.0.0.1 peer=(ip=127.0.0.*, port=53), network netlink raw, #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_wsdd @@ -47,6 +48,7 @@ profile gvfsd-wsdd @{exec_path} { @{bin}/env mr, @{bin}/wsdd rPx, + @{run}/avahi-daemon/socket rw, @{run}/mount/utab r, owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, owner @{run}/user/@{uid}/gvfsd/wsdd rw,
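Review bot: The rewritten GetConnection receive rule ends in `peer=(name=@{busname}),` with no label, so any session-bus client, confined or not, may now request a connection from gvfsd-sftp, where the removed rules named gnome-extension-gsconnect and nautilus. The new MountOperation send rule for `{AskQuestion,AskPassword}` is unlabelled in the same way, so the profile no longer constrains which peer receives the password prompt. If this openness is deliberate because any GIO application can be the caller, state it above each rule, e.g. `# Any GIO client may be the peer; label intentionally left open`. Otherwise keep an explicit list such as `label="{gvfsd-fuse,nautilus,gnome-extension-gsconnect}"`.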
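Review bot: `network inet dgram,` permits IPv4 UDP to any destination; the trailing `# ip=127.0.0.1 peer=(ip=127.0.0.*, port=53),` is only a comment and restricts nothing. Reword it so it cannot be mistaken for an enforced condition, for example `# Intended scope: DNS to the local resolver (127.0.0.*:53); not enforced by this rule`. The second hunk in this file adds `@{run}/avahi-daemon/socket rw,` with no comment; a one-line reason there would help later audits of why this profile reaches the Avahi daemon.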