diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd
index f1d67b038..d055135bd 100644
--- a/apparmor.d/groups/_full/systemd
+++ b/apparmor.d/groups/_full/systemd
@@ -181,10 +181,10 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
 
   # Systemd profiles that need be stacked
   #aa:stack systemd-networkd systemd-oomd systemd-resolved systemd-timesyncd
-  @{lib}/systemd/systemd-networkd   Px -> systemd//&systemd-networkd,
-  @{lib}/systemd/systemd-oomd       Px -> systemd//&systemd-oomd,
-  @{lib}/systemd/systemd-resolved   Px -> systemd//&systemd-resolved,
-  @{lib}/systemd/systemd-timesyncd  Px -> systemd//&systemd-timesyncd,
+  @{lib}/systemd/systemd-networkd   px -> systemd//&systemd-networkd,
+  @{lib}/systemd/systemd-oomd       px -> systemd//&systemd-oomd,
+  @{lib}/systemd/systemd-resolved   px -> systemd//&systemd-resolved,
+  @{lib}/systemd/systemd-timesyncd  px -> systemd//&systemd-timesyncd,
 
   @{lib}/ r,
   / r,
@@ -208,6 +208,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
   /etc/networkd-dispatcher/{,**} r,
   /etc/systemd/{,**} r,
   /etc/udev/hwdb.d/{,**} r,
+  /etc/systemd/system/multi-user.target.wants/{,*} w,
 
         /var/log/dmesg rw,
         /var/lib/systemd/{,**} rw,
@@ -235,6 +236,7 @@ profile systemd flags=(attach_disconnected,mediate_deleted) {
   @{run}/udev/data/+module:configfs r,
   @{run}/udev/data/+module:fuse r,
   @{run}/udev/data/c4:@{int} r,           # For TTY devices
+  @{run}/udev/data/c5:@{int}   r,         # for /dev/tty, /dev/console, /dev/ptmx
   @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features
   @{run}/udev/data/c116:@{int} r,         # For ALSA
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511