diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s
index 097aa2ec9..0da4b4e45 100644
--- a/apparmor.d/groups/virt/k3s
+++ b/apparmor.d/groups/virt/k3s
@@ -26,7 +26,7 @@ profile k3s @{exec_path} {
   capability sys_resource,
 
   ptrace peer=@{profile_name},
-  ptrace (read) peer={cri-containerd.apparmor.d,cni-xtables-nft,ip,kubernetes-pause,mount,unconfined},
+  ptrace (read) peer={cni-calico-node,cri-containerd.apparmor.d,cni-xtables-nft,ip,kmod,kubernetes-pause,mount,unconfined},
 
   # k3s requires ptrace to all AppArmor profiles loaded in Kubernetes
   # For simplification, let's assume for now all AppArmor profiles start with a predefined prefix.
diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd
index e7d3b197d..5a311a22f 100644
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/fwupd @{libexec}/fwupd/fwupd
 profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/disks-read>
   include <abstractions/nameservice-strict>
@@ -37,7 +38,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
 
   dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
        interface=org.freedesktop.DBus.Properties
-       member=GetAll,
+       member={Changed,GetAll},
 
   dbus send bus=system path=/org/freedesktop/UDisks2/block_devices/*
        interface=org.freedesktop.DBus.Properties
@@ -53,6 +54,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
 
   dbus receive bus=system path=/
        interface=org.freedesktop.fwupd,
+       member=Changed,
 
   dbus receive bus=system path=/
        interface=org.freedesktop.DBus.Properties
diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent
index fb894967e..021c12925 100644
--- a/apparmor.d/profiles-m-r/pkttyagent
+++ b/apparmor.d/profiles-m-r/pkttyagent
@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/pkttyagent
 profile pkttyagent @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>