diff --git a/apparmor.d/groups/network/netplan.script b/apparmor.d/groups/network/netplan.script
index 8f5a9b5a6..5bffd6d95 100644
--- a/apparmor.d/groups/network/netplan.script
+++ b/apparmor.d/groups/network/netplan.script
@@ -16,6 +16,7 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
 
   @{lib}/netplan/generate  rPx,
   @{bin}/udevadm           rCx -> udevadm,
+  @{bin}/systemctl         rCx -> systemctl,
 
   /usr/share/netplan/{,**} r,
 
@@ -35,6 +36,13 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
     include if exists <local/netplan.script_udevadm>
   }
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/app/systemctl>
+
+    include if exists <local/netplan.script_systemctl>
+  }
+
   include if exists <local/netplan.script>
 }
 
diff --git a/apparmor.d/groups/network/networkd-dispatcher b/apparmor.d/groups/network/networkd-dispatcher
index 45fbf76aa..f593db162 100644
--- a/apparmor.d/groups/network/networkd-dispatcher
+++ b/apparmor.d/groups/network/networkd-dispatcher
@@ -21,7 +21,7 @@ profile networkd-dispatcher @{exec_path} {
   @{exec_path} mr,
 
   @{bin}/ r,
-  @{bin}/chronyc     rPx,
+  @{bin}/chronyc    rPUx,
   @{bin}/ls          rix,
   @{bin}/networkctl  rPx,
   @{bin}/sed         rix,
diff --git a/apparmor.d/groups/snap/snapd b/apparmor.d/groups/snap/snapd
index 46c4b3cb2..cde0d7a23 100644
--- a/apparmor.d/groups/snap/snapd
+++ b/apparmor.d/groups/snap/snapd
@@ -110,6 +110,11 @@ profile snapd @{exec_path} {
   /etc/modprobe.d/{,**/} r,
   /etc/modules-load.d/{,**/} r,
   /etc/modules-load.d/*snap* rw,
+  /etc/systemd/system/{,**/} r,
+  /etc/systemd/system/snap* rw,
+  /etc/systemd/user/{,**/} rw,
+  /etc/systemd/user/**/*snap* rw,
+  /etc/systemd/user/*snap* rw,
   /etc/udev/rules.d/{,*snap*} rw,
 
   /snap/{,**} rw,
@@ -180,6 +185,7 @@ profile snapd @{exec_path} {
     include <abstractions/app/systemctl>
 
     capability net_admin,
+    capability sys_resource,
 
     /etc/systemd/system/{,**/} r,
     /etc/systemd/system/snap* rw,
diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs
index c377889c8..15554adb8 100644
--- a/apparmor.d/profiles-m-r/mkinitramfs
+++ b/apparmor.d/profiles-m-r/mkinitramfs
@@ -75,6 +75,8 @@ profile mkinitramfs @{exec_path} {
   /usr/share/initramfs-tools/{,**} r,
   /etc/initramfs-tools/{,**} r,
 
+  /etc/xattr.conf r,
+
   # For shell pwd
   / r,
   /etc/ r,
@@ -174,7 +176,7 @@ profile mkinitramfs @{exec_path} {
 
     owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/ r,
     owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/modules.* rw,
-    owner /var/tmp/mkinitramfs_@{rand6}usr/lib/modules/*/updates/{,**} r,
+    owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/updates/{,**} r,
     owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/{,**/} r,
     owner /var/tmp/mkinitramfs_@{rand6}/usr/lib/modules/*/kernel/**/*.ko* r,