diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt
index f67f9c65e..58ee12606 100644
--- a/apparmor.d/groups/apt/apt
+++ b/apparmor.d/groups/apt/apt
@@ -45,10 +45,10 @@ profile apt @{exec_path} flags=(attach_disconnected) {
 member={GetConnectionUnixProcessID,GetConnectionUnixUser}
 peer=(name=org.freedesktop.DBus, label=dbus-daemon),
- dbus send bus=system path=/org/freedesktop/DBus/Bus
+ dbus send bus=system
 interface=org.freedesktop.DBus.Introspectable
 member=Introspect
- peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+ peer=(name="{:*,org.freedesktop.DBus}"),
 @{exec_path} mr,
diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd
index 4ea398078..92b145df5 100644
--- a/apparmor.d/groups/freedesktop/plymouthd
+++ b/apparmor.d/groups/freedesktop/plymouthd
@@ -39,7 +39,7 @@ profile plymouthd @{exec_path} {
 @{run}/plymouth/{,**} rw,
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
 @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*
diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg
index faf47e8ed..7ed101d21 100644
--- a/apparmor.d/groups/freedesktop/xorg
+++ b/apparmor.d/groups/freedesktop/xorg
@@ -108,7 +108,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/+acpi:* r, # for acpi
 @{run}/udev/data/+dmi* r, # for ?
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
 @{run}/udev/data/+i2c:* r,
 @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm
index 43655f243..e20e65bb1 100644
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
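Review bot: The rewritten Introspect send rule in the apt hunk drops both the `path=` qualifier and the `label=dbus-daemon` peer constraint, so apt may now send `Introspect` to any unique-named connection (`:*`) or to the bus itself, regardless of the peer's confinement label. Introspect is a read-only query, so the exposure is small, but the widening is silent in the profile text and a future reader will not know whether it was deliberate. A one-line comment on the rule recording the reason would fix that, e.g. `# Introspect is sent to arbitrary peers, hence no label restriction (reason: <fill in>)`. The enclosing `profile apt` block continues outside the hunk.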
@@ -68,7 +68,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/sessions/* r,
 @{run}/systemd/users/@{uid} r,
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+pci:* r,
 @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index ceeae8b3f..59d3b4762 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@@ -58,7 +58,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
 /var/lib/gdm{3,}/greeter-dconf-defaults r,
 @{run}/udev/data/+backlight:* r,
- @{run}/udev/data/+drm:card* r,
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+leds:* r,
 @{run}/systemd/inhibit/[0-9]*.ref rw,
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index a4cc04a8b..082e66a90 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -97,8 +97,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
 @{bin}/net rPUx,
 @{bin}/tracker3 rPUx,
- @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
- @{lib}/gio-launch-desktop rPx -> child-open,
+ @{open_path} rPx -> child-open,
 /usr/share/icu/@{int}.@{int}/*.dat r,
 /usr/share/libdrm/*.ids r,
diff --git a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
index d494dd3f9..ce4289764 100644
--- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
+++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
@@ -27,9 +27,7 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
 @{bin}/gjs-console r,
- @{bin}/xdg-open rPx -> child-open,
- @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
- @{lib}/gio-launch-desktop rPx -> child-open,
+ @{open_path} rPx -> child-open,
 /usr/share/sushi/org.gnome.NautilusPreviewer.*.gresource r,
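Review bot: The gsd-power hunk narrows `+drm:card* r,` to `+drm:card@{int}-* r,`, which now requires a `-` after the card number, so a udev data entry named just `+drm:card@{int}` (if such an entry exists on the target system) is no longer readable; the subiquity-console-conf hunk does the same to the even broader `+drm* r,`. In the other files that touch this rule (plymouthd, gdm, systemd-logind, libvirtd) the hunk context also shows `@{run}/udev/data/c226:@{int} r,` for the card device node itself, which is not visible in the gsd-power or subiquity hunks — it may well exist elsewhere in those profiles, but it is worth confirming with an audit-log check after the change rather than assuming. The enclosing `profile gsd-power` block continues outside the hunk.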
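Review bot: `@{open_path} rPx -> child-open,` replaces an explicit list of launcher binaries in the nautilus hunk and again in org.gnome.NautilusPreviewer, but the variable's definition is not part of this diff, so the set of executables now allowed to transition into `child-open` cannot be checked here. The two removed lists also differed: NautilusPreviewer additionally had `@{bin}/xdg-open rPx -> child-open,`, which nautilus never had, so depending on how `@{open_path}` expands either the previewer loses an exec it relied on or nautilus gains one. A short comment on the new rule naming what the variable is expected to cover, e.g. `# @{open_path}: launchers formerly listed here, see the tunables definition`, would let a reviewer verify the intent without opening a second file.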
diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner
index 832bede98..4573cdaca 100644
--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
@@ -78,9 +78,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
 @{run}/blkid/blkid.tab r,
 @{run}/mount/utab r,
- @{run}/udev/data/c3[0-9]*:@{int} r, # For dynamic assignment range 384 to 511
- @{run}/udev/data/c4[0-9]*:@{int} r,
- @{run}/udev/data/c5[0-9]*:@{int} r,
+ @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
 @{PROC}/@{pid}/cmdline r,
 @{PROC}/sys/fs/fanotify/max_user_marks r,
diff --git a/apparmor.d/groups/network/netplan.script b/apparmor.d/groups/network/netplan.script
index 290a5603e..a3b011111 100644
--- a/apparmor.d/groups/network/netplan.script
+++ b/apparmor.d/groups/network/netplan.script
@@ -16,20 +16,21 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
 @{lib}/netplan/generate rix,
 @{bin}/udevadm rCx -> udevadm,
+ @{bin}/systemctl rCx -> systemctl,
 /usr/share/netplan/{,**} r,
 /etc/netplan/{,*} r,
- @{run}/NetworkManager/conf.d/10-globally-managed-devices.conf w,
+ @{run}/NetworkManager/conf.d/10-globally-managed-devices.conf{,.@{rand6}} w,
 @{run}/NetworkManager/system-connections/ r,
- @{run}/NetworkManager/system-connections/netplan-*.nmconnection w,
+ @{run}/NetworkManager/system-connections/netplan-*.nmconnection{,.@{rand6}} w,
 @{run}/systemd/system/ r,
 @{run}/systemd/system/netplan-* rw,
 @{run}/systemd/system/systemd-networkd.service.wants/ r,
 @{run}/systemd/system/systemd-networkd.service.wants/netplan-*.service rw,
- @{run}/udev/rules.d/ r,
+ @{run}/udev/rules.d/90-netplan.rules{,.@{rand6}} rw,
 profile udevadm {
 include
@@ -39,11 +40,21 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
 /etc/udev/udev.conf r,
+ @{run}/udev/control rw,
 @{run}/udev/rules.d/90-netplan.rules rw,
 @{run}/udev/rules.d/90-netplan.rules.@{rand6} rw,
 include if exists
 }
+ profile systemctl {
+ include
+ include
+
+ @{bin}/systemctl mr,
+
+ include if exists
+ }
+
 include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/network/nm-online b/apparmor.d/groups/network/nm-online
index d203b0fa9..d68e2cfa7 100644
--- a/apparmor.d/groups/network/nm-online
+++ b/apparmor.d/groups/network/nm-online
@@ -12,6 +12,11 @@ profile nm-online @{exec_path} {
 include
 include
+ dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/@{int}
+ interface=org.freedesktop.NetworkManager.Connection.Active
+ member=StateChanged
+ peer=(name=:*, label=NetworkManager),
+
 @{exec_path} mr,
 include if exists
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index 6c52cdff1..260961330 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -66,7 +66,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 @{run}/udev/static_node-tags/uaccess/ r,
 @{run}/udev/data/+backlight:* r,
- @{run}/udev/data/+drm:card[0-9]-* r, # For screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
 @{run}/udev/data/+pci:* r,
 @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features
diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf
index fb82fbe20..ffb810bc8 100644
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
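Review bot: The new `systemctl` child profile in the netplan.script hunk grants only `@{bin}/systemctl mr,` plus two includes whose targets were lost in extraction on this page, so whether the child can actually reach systemd's private control socket or the system bus cannot be verified from the diff; if the included abstractions do not provide that, the `rCx -> systemctl` transition added in the previous hunk will succeed at exec time and every invocation will then fail at connect time, which is harder to diagnose than a missing exec rule. Separately, `@{run}/udev/control rw,` added to the udevadm child is write access to udevd's control socket, presumably for `udevadm control --reload` after the rules file is written — that is broader than the rules-file access the child had before, and a trailing comment such as `@{run}/udev/control rw, # udevadm control --reload` would record the intent. The udevadm child profile starts in the previous hunk.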
@@ -56,7 +56,7 @@ profile subiquity-console-conf @{exec_path} {
 @{run}/udev/data/+acpi:* r,
 @{run}/udev/data/+dmi* r,
- @{run}/udev/data/+drm* r,
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
 @{run}/udev/data/+leds:* r,
 @{run}/udev/data/+pci:* r,
diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager
index 1511c568a..eebce072e 100644
--- a/apparmor.d/groups/ubuntu/update-manager
+++ b/apparmor.d/groups/ubuntu/update-manager
@@ -59,6 +59,7 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
 /etc/gtk-3.0/settings.ini r,
 /etc/pulse/client.conf r,
 /etc/pulse/client.conf.d/{,**} r,
+ /etc/ubuntu-advantage/uaclient.conf r,
 /etc/update-manager/{,**} r,
 /boot/ r,
@@ -78,9 +79,9 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/inhibit/*.ref w,
+ @{PROC}/@{pids}/mountinfo r,
 owner @{PROC}/@{pid}/fd/ r,
 owner @{PROC}/@{pid}/mounts r,
- @{PROC}/@{pids}/mountinfo r,
 /dev/ptmx rw,
 /dev/shm/ r,
diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd
index edd162d8f..8a118b03b 100644
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@@ -162,7 +162,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/+backlight:* r,
 @{run}/udev/data/+bluetooth:* r,
 @{run}/udev/data/+dmi:id r,
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
 @{run}/udev/data/+hid:* r,
 @{run}/udev/data/+input:input@{int} r, # For mouse, keyboard, touchpad
 @{run}/udev/data/+leds:* r,
diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd
index f713c03df..38ce735a2 100644
--- a/apparmor.d/groups/virt/virtnodedevd
+++ b/apparmor.d/groups/virt/virtnodedevd
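Review bot: The relocated `@{PROC}/@{pids}/mountinfo r,` in the second update-manager hunk now sits directly above two `owner @{PROC}/@{pid}/...` rules, which makes the asymmetry easy to see: it reads the mount table of every process on the system, while the neighbouring rules are restricted to update-manager's own. If only the process's own mount namespace view is needed, `owner @{PROC}/@{pid}/mountinfo r,` is the least-privilege form and matches the lines around it; if the wider read is intentional (for example to inspect a parent's mounts), a trailing comment stating that would save the next reviewer from asking again. The `profile update-manager` block continues outside both hunks.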
@@ -48,7 +48,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/+backlight:* r,
 @{run}/udev/data/+bluetooth:* r,
 @{run}/udev/data/+dmi:id r,
- @{run}/udev/data/+drm:card[0-9]-* r, # For screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
 @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
 @{run}/udev/data/+leds:* r,
 @{run}/udev/data/+pci:* r,
diff --git a/apparmor.d/profiles-a-f/cups-notifier-dbus b/apparmor.d/profiles-a-f/cups-notifier-dbus
index a6848b7d2..59b1b3ae1 100644
--- a/apparmor.d/profiles-a-f/cups-notifier-dbus
+++ b/apparmor.d/profiles-a-f/cups-notifier-dbus
@@ -10,6 +10,7 @@ include
 profile cups-notifier-dbus @{exec_path} {
 include
 include
+ include
 include
 signal (receive) set=(term) peer=cupsd,
diff --git a/apparmor.d/profiles-a-f/dleyna-server-service b/apparmor.d/profiles-a-f/dleyna-server-service
index bdb622a24..62a5cdadd 100644
--- a/apparmor.d/profiles-a-f/dleyna-server-service
+++ b/apparmor.d/profiles-a-f/dleyna-server-service
@@ -14,6 +14,7 @@ profile dleyna-server-service @{exec_path} {
 network inet6 dgram,
 network inet stream,
 network inet6 stream,
+ network netlink dgram,
 network netlink raw,
 @{exec_path} mr,
diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc
index e5fca2be4..8b6ad5602 100644
--- a/apparmor.d/profiles-g-l/labwc
+++ b/apparmor.d/profiles-g-l/labwc
@@ -45,7 +45,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
 @{sys}/devices/**/uevent r,
 @{run}/udev/data/+acpi:* r, # for ?
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
 @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
 @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
 @{run}/udev/data/+pci:* r, # for VGA compatible controller
diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop
index 7c60a23a2..7e339a324 100644
--- a/apparmor.d/profiles-m-r/nvtop
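Review bot: The virtnodedevd hunk changes the trailing comment from `# For screen outputs` to `# for screen outputs`, which is the opposite direction from plymouthd, xorg, gdm, gsd-power, systemd-logind, subiquity-console-conf and libvirtd in this same commit, while labwc, nvtop and switcheroo-control are left at or set to the lowercase form. Since the commit is explicitly normalising this one rule across profiles, the comment should be normalised with it; the majority spelling in the diff is `# For screen outputs`, so `@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs` in all four of those files would leave a single form to grep for.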
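Review bot: The labwc hunk's context shows `@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard` on two consecutive lines. The duplicate is pre-existing and harmless to the parser, but it is noise in a rule block this commit already edits, so dropping the second copy while here keeps the profile tidy.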
+++ b/apparmor.d/profiles-m-r/nvtop
@@ -27,7 +27,7 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
 owner @{user_config_dirs}/nvtop/{,**} rw,
 @{run}/systemd/inhibit/*.ref r,
- @{run}/udev/data/+drm:card[0-9]-* r,
+ @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
 @{run}/udev/data/+pci:* r,
 @{run}/udev/data/c226:@{int} r, # For /dev/dri/card*
 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control
index aa11bcbac..3172aa62f 100644
--- a/apparmor.d/profiles-s-z/switcheroo-control
+++ b/apparmor.d/profiles-s-z/switcheroo-control
@@ -19,7 +19,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
- @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs
+ @{run}/udev/data/+drm:card@{int}-* r, # for screen outputs
 @{run}/udev/data/+pci:* r,
 @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird
index f2ee64729..64827e568 100644
--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
@@ -50,7 +50,7 @@ profile thunderbird @{exec_path} {
 ptrace peer=@{profile_name},
- dbus bind bus=session name=org.mozilla.thunderbird.*,
+ # dbus: own bus=session name=org.mozilla.thunderbird
 dbus receive bus=system path=/org/freedesktop/login1
 interface=org.freedesktop.login1.Manager