/run -> @{run}, [0-9]* -> @{uid}.

apparmor.d/profiles-s-z/spacefm

@@ -77,9 +77,9 @@ profile spacefm @{exec_path} {
         /root/    r,
         /root/**  r,
   owner /root/**  rw,
-        /run/     r,
-        /run/**   r,
-  owner /run/**   rw,
+        @{run}/   r,
+        @{run}/** r,
+  owner @{run}/** rw,
         /srv/     r,
         /srv/**   r,
   owner /srv/**   rw,

apparmor.d/profiles-s-z/usr.bin.pidgin

@@ -48,7 +48,7 @@ include <tunables/global>
   # Uncomment the two following lines if you want to allow Pidgin to update
   # any DConf setting:
   # owner @{HOME}/.{cache,config}/dconf/user rw,
-  # owner /{,var/}run/user/[0-9]*/dconf/user rwk,
+  # owner /{,var/}run/user/@{uid}/dconf/user rwk,
 
   /{usr/,}bin/dash rix,
   /{usr/,}bin/which rix,

apparmor.d/profiles-s-z/usr.bin.totem

@@ -47,9 +47,9 @@
   # Allow usage of openat with O_TMPFILE
   owner @{HOME}/#[0-9]*[0-9] m,
 
-  owner /{,var/}run/user/*/dconf/user w,
-  owner /{,var/}run/user/*/at-spi2-*/   rw,
-  owner /{,var/}run/user/*/at-spi2-*/** rw,
+  owner /{,var/}run/user/@{uid}/dconf/user w,
+  owner /{,var/}run/user/@{uid}/at-spi2-*/   rw,
+  owner /{,var/}run/user/@{uid}/at-spi2-*/** rw,
 
   /sys/devices/pci[0-9]*/**/config r,
   /sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r,

apparmor.d/profiles-s-z/usr.sbin.cupsd

@@ -50,7 +50,7 @@
   # CUPS is of systemd service type "notify" now, meaning that cupsd notifies
   # systemd when it is up and running, give CUPS access to systemd's
   # notification socket
-  /run/systemd/notify w,
+  @{run}/systemd/notify w,
 
   /{usr/,}bin/bash ixr,
   /{usr/,}bin/dash ixr,