diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app
index 3029fb80b..3b425e505 100644
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@@ -135,6 +135,8 @@
 owner @{PROC}/@{pid}/task/ r,
 owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+ owner @{att}/dev/shm/@{uuid} r,
+
 /dev/hidraw@{int} rw,
 /dev/input/ r,
 /dev/input/event@{int} rw,
diff --git a/apparmor.d/groups/flatpak/flatpak-app b/apparmor.d/groups/flatpak/flatpak-app
index a816e58b8..4199e92b1 100644
--- a/apparmor.d/groups/flatpak/flatpak-app
+++ b/apparmor.d/groups/flatpak/flatpak-app
@@ -83,7 +83,6 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
 /var/lib/flatpak/app/{,**} r,
 /var/lib/flatpak/exports/** rw,
- @{run}/.userns r,
 @{run}/parent/** r,
 @{run}/parent/app/.ref rk,
 @{run}/parent/usr/.ref rk,
diff --git a/apparmor.d/groups/flatpak/flatpak-portal b/apparmor.d/groups/flatpak/flatpak-portal
index 8a8d2b901..84e2d7964 100644
--- a/apparmor.d/groups/flatpak/flatpak-portal
+++ b/apparmor.d/groups/flatpak/flatpak-portal
@@ -31,7 +31,7 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) {
 /var/lib/flatpak/exports/share/mime/mime.cache r,
- owner @{att}/ r,
+ owner /att/**/ r,
 owner @{att}/.flatpak-info r,
 owner @{HOME}/.var/app/*/**/.ref rw,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal
index 5c62b0771..5e27ac845 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal
@@ -65,8 +65,8 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
 @{open_path} rPx -> child-open,
 / r,
- @{att}/ r,
 @{att}/.flatpak-info r,
+ owner /att/**/ r,
 /usr/share/dconf/profile/gdm r,
 /usr/share/xdg-desktop-portal/** r,
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
index fc11b0700..c9585e2ab 100644
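Review bot: The new `owner @{att}/dev/shm/@{uuid} r,` rule enters a shared abstraction without a comment naming which program creates UUID-named shm segments, so every profile that includes `abstractions/common/app` inherits it and nobody can later judge whether it is still needed. Suggest a comment above it such as `# UUID-named shared-memory segments (needed by: <name the consumer>)`, or keeping the rule in the one profile that produced the denial. It is also the only `/dev` rule in this hunk carrying the `@{att}` prefix; since the tunables hunk in this same commit removes `alias / -> //,` while `@{att}=/` stays for abi3/Ubuntu 25.04+, confirm the parser still folds the resulting `//dev/shm/...` onto `/dev/shm/...` there, otherwise the rule is silently inert on those systems.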
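Review bot: `owner /att/**/ r,` hard-codes the `/att/` prefix while the very next line still reads `owner @{att}/.flatpak-info r,` through the tunable; if the literal is deliberate so the rule stays inert when `@{att}=/` (the abi3/Ubuntu 25.04+ case described in the tunables hunk of this commit), record that in a comment, e.g. `# literal /att/ on purpose: must not expand to / when @{att}=/`. The removed `@{att}/ r,` covered one directory level, whereas `/att/**/` grants directory read at every depth below `/att/`, which is broader than the line it replaces; if only the per-app roots are needed, `owner /att/*/ r,` is the narrower form. Whether `/att/` itself still needs a rule cannot be told from the hunk.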
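Review bot: The literal `/att/**/` added here is the fourth copy of the same hard-coded path in this commit (flatpak-portal, xdg-desktop-portal-gtk and xdg-document-portal carry it too), so a future change of the attach prefix has to find and fix all of them; defining it once next to `@{att}` in the tunables, or in an abstraction the portal profiles include, removes that risk. Adding `owner` is a tightening over the removed `@{att}/ r,` and is welcome, but it depends on the `/att/*/...` directories actually being owned by the portal's uid — worth confirming, or the rule is dead and denials will reappear. Placing the new line after `@{att}/.flatpak-info r,` instead of where the removed line sat, next to `/ r,`, also splits the directory rules; keeping them together reads better.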
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@@ -52,7 +52,7 @@ profile xdg-desktop-portal-gtk @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 / r,
- owner @{att}/ r,
+ owner /att/**/ r,
 owner /var/lib/xkb/server-@{int}.xkm rw,
diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal
index 93cac619e..d2db2612e 100644
--- a/apparmor.d/groups/freedesktop/xdg-document-portal
+++ b/apparmor.d/groups/freedesktop/xdg-document-portal
@@ -44,7 +44,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
 @{bin}/snap rPx,
 / r,
- owner @{att}/ r,
+ owner /att/**/ r,
 owner @{att}/.flatpak-info r,
 owner @{HOME}/ r,
diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
index e2f297045..288665770 100644
--- a/apparmor.d/tunables/multiarch.d/system
+++ b/apparmor.d/tunables/multiarch.d/system
@@ -73,7 +73,6 @@
 # Disabled on abi3 and Ubuntu 25.04+
 # See https://apparmor.pujol.io/development/internal/#re-attached-path
 @{att}=/
- alias / -> //,
 # vim:syntax=apparmor
diff --git a/pkg/prebuild/prepare/attach.go b/pkg/prebuild/prepare/attach.go
index a87ff9071..3331c73dc 100644
--- a/pkg/prebuild/prepare/attach.go
+++ b/pkg/prebuild/prepare/attach.go
@@ -33,5 +33,6 @@ func (p ReAttach) Apply() ([]string, error) {
 return res, err
 }
 out = strings.ReplaceAll(out, "@{att}=/", "# @{att}=/")
+ out = strings.ReplaceAll(out, "alias / -> //,", "#alias / -> //,")
 return res, path.WriteFile([]byte(out))
 }
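Review bot: `owner /att/**/ r,` in xdg-desktop-portal-gtk only grants what the portal can use if the directories below `/att/` are owned by the uid the portal runs as; this profile has no `.flatpak-info` rule in the hunk to hint at that, so confirm the ownership of the bwrap-created `/att/*/` tree before relying on the `owner` qualifier, otherwise the rule is dead and the old denial returns. If the `owner` restriction is intended as defence in depth, a short comment such as `# sandbox roots are user-owned, hence owner` would save the next reader the same check. The literal `/att/` rather than `@{att}` also deserves a one-line justification, as the rest of the profile presumably still goes through the tunable.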
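Review bot: In xdg-document-portal the new `owner /att/**/ r,` sits directly above `owner @{att}/.flatpak-info r,`, mixing a hard-coded prefix and the tunable for the same tree in adjacent lines, which a reader will reasonably take for an oversight. If the intent is that this rule must not expand to `/` when `@{att}=/`, a comment such as `# literal /att/: must stay inert when @{att}=/` on this line removes the ambiguity. The glob is also wider than the removed `@{att}/ r,`: every directory at any depth below `/att/` becomes readable, whereas `owner /att/*/ r,` would match only the per-app roots if that is all the portal needs.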
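Review bot: The added `out = strings.ReplaceAll(out, "alias / -> //,", "#alias / -> //,")` has nothing to act on in `tunables/multiarch.d/system`, because the same commit deletes the `alias / -> //,` line from that file; unless the alias also lives in another file this step reads, the line is dead code and should either be dropped or the tunable deletion reverted so exactly one mechanism disables the alias. Both replacements are byte-exact on spacing, so a reformatted `alias  / -> //,` or `@{att} = /` would be silently left active; since `Apply` never checks that `out` changed, consider returning an error when the `@{att}=/` marker is not found instead of writing the file back unchanged. The comment prefixes also differ (`# @{att}=/` with a space, `#alias` without); using `# alias / -> //,` keeps the generated file consistent. `Apply` begins before this hunk, so the origin of `out`, `res` and `path` is not visible here.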