diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index d779aee8e..99e738fd2 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -267,6 +267,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
 deny owner @{HOME}/.* r,
 deny /tmp/MozillaUpdateLock-* w,
+ deny @{run}/user/@{uid}/gnome-shell-disable-extensions w,
 include if exists
 }
diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open
index c62c49901..ad1c5f4ed 100644
--- a/apparmor.d/groups/children/child-open
+++ b/apparmor.d/groups/children/child-open
@@ -57,6 +57,7 @@ profile child-open {
 # Others
 /{usr/,}bin/discord{,-ptb} rPx,
 /{usr/,}bin/draw.io rPUx,
+ /{usr/,}bin/*Foliate rPUx,
 /{usr/,}bin/dropbox rPx,
 /{usr/,}bin/engrampa rPx,
 /{usr/,}bin/eog rPUx,
diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire
index e3cf46f48..f6834729a 100644
--- a/apparmor.d/groups/freedesktop/pipewire
+++ b/apparmor.d/groups/freedesktop/pipewire
@@ -59,6 +59,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
 / r,
 /.flatpak-info r,
+ owner /tmp/librnnoise-[0-9]*.so rm,
 owner @{run}/user/@{uid}/pipewire-[0-9]*.lock rwk,
 @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254
diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill
index 11085fccd..6c62686c2 100644
--- a/apparmor.d/groups/gnome/gsd-rfkill
+++ b/apparmor.d/groups/gnome/gsd-rfkill
@@ -86,7 +86,8 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
- /sys/devices/virtual/misc/rfkill/uevent r,
+ @{sys}/devices/virtual/misc/rfkill/uevent r,
+ /dev/rfkill rw,
 owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd
index 09e19c81e..1c7b77b8b 100644
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
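Review bot: In the child-open hunk, `/{usr/,}bin/*Foliate rPUx` uses an unanchored leading `*`, so any executable under `/usr/bin` whose name merely ends in `Foliate` is transitioned with the unconfined fallback (`PUx`), which is broader than the sibling rules in this list that name their binaries exactly. If the wildcard is there to cover an app-id-prefixed launcher next to the plain `Foliate` binary, an explicit alternation listing the two expected names (`/{usr/,}bin/{,PREFIX.}Foliate rPUx,` with the real prefix filled in) documents the intent and stops unrelated binaries from matching. I cannot see from the hunk which filename triggered the rule, so confirm against the installed path before narrowing it.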
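Review bot: In the pipewire hunk, `owner /tmp/librnnoise-[0-9]*.so rm` grants an executable mapping (`m`) of a shared object living in world-writable `/tmp` with a predictable name, so any other process running as the same user can drop a matching file and have its code mapped into pipewire; `owner` only checks file ownership, which every same-user process satisfies. If the noise-suppression plugin that extracts this library honours `TMPDIR`, steering it to the per-user runtime directory and tightening the rule to `owner @{run}/user/@{uid}/librnnoise-[0-9]*.so rm,` keeps the mapped code out of the shared namespace. If `/tmp` is unavoidable, the rule deserves a comment recording the accepted risk, e.g. `# rnnoise plugin extracts its .so to /tmp; executable mapping from a shared tmp dir is a known weakness`.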
@@ -160,23 +160,26 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/+dmi:id r,
 @{run}/udev/data/+drm:* r,
 @{run}/udev/data/+hid:* r,
- @{run}/udev/data/+input* r, # for mouse, keyboard, touchpad
+ @{run}/udev/data/+input* r, # For mouse, keyboard, touchpad
 @{run}/udev/data/+leds:* r,
 @{run}/udev/data/+pci* r,
 @{run}/udev/data/+platform* r,
 @{run}/udev/data/+rfkill:* r,
- @{run}/udev/data/+sound:card* r, # for sound
+ @{run}/udev/data/+sound:card* r, # For sound
 @{run}/udev/data/+thunderbolt:* r,
- @{run}/udev/data/c1:[0-9]* r,
- @{run}/udev/data/c10:[0-9]* r,
- @{run}/udev/data/c116:[0-9]* r, # for ALSA
- @{run}/udev/data/c13:[0-9]* r, # for /dev/input/*
- @{run}/udev/data/c2[0-9]*:[0-9]* r,
- @{run}/udev/data/c23[0-9]:[0-9]* r,
+ @{run}/udev/data/c1:[0-9]* r , # For RAM disk
+ @{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features
+ @{run}/udev/data/c13:[0-9]* r, # For /dev/input/*
+ @{run}/udev/data/c29:* r, # For /dev/fb[0-9]*
+ @{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash
+ @{run}/udev/data/c116:[0-9]* r, # For ALSA
+ @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]*
+ @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254
 @{run}/udev/data/c24[0-9]:[0-9]* r,
- @{run}/udev/data/c50[0-9]:[0-9]* r,
- @{run}/udev/data/c51[0-9]:[0-9]* r,
- @{run}/udev/data/c90:[0-9]* r,
+ @{run}/udev/data/c25[0-4]:[0-9]* r,
+ @{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511
+ @{run}/udev/data/c4[0-9]*:[0-9]* r,
+ @{run}/udev/data/c5[0-9]*:[0-9]* r,
 @{run}/udev/data/n[0-9]* r,
 @{sys}/bus/[a-z]*/devices/ r,
diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber
index 041a693a1..dd2af8852 100644
--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
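Review bot: The three new rules `c3[0-9]*:[0-9]*`, `c4[0-9]*:[0-9]*` and `c5[0-9]*:[0-9]*` match far more than the "384 to 511" range their comment claims: because `*` matches any run of non-slash characters, they cover character majors 30–59 and 300–599 (and longer digit strings), so the comment is misleading and the rule is looser than the `c50[0-9]`/`c51[0-9]` lines it replaces. The exposure is limited to reading udev database entries (device metadata, not device access), but a profile whose comment and glob disagree is hard to audit, so the range should be spelled out with anchored globs as below. Separately, `c1:[0-9]* r ,` has a stray space before the comma; it should read `@{run}/udev/data/c1:[0-9]* r, # For RAM disk` like its neighbours. The libvirtd profile body continues outside this hunk.
```apparmor
# … unchanged: c1 through c25[0-4] udev data rules …
@{run}/udev/data/c38[4-9]:[0-9]* r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c39[0-9]:[0-9]* r,
@{run}/udev/data/c4[0-9][0-9]:[0-9]* r,
@{run}/udev/data/c50[0-9]:[0-9]* r,
@{run}/udev/data/c51[01]:[0-9]* r,
# … unchanged: n[0-9]* and @{sys}/bus rules …
```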
@@ -35,12 +35,15 @@ profile wireplumber @{exec_path} {
 @{run}/systemd/users/@{uid} r,
 @{run}/udev/data/+sound:card[0-9]* r, # For sound
- @{run}/udev/data/c116:[0-9]* r, # for ALSA
 @{run}/udev/data/c14:[0-9]* r, # Open Sound System (OSS)
+ @{run}/udev/data/c81:[0-9]* r, # For video4linux
+ @{run}/udev/data/c116:[0-9]* r, # For ALSA
 @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254
 @{run}/udev/data/c24[0-9]:[0-9]* r,
 @{run}/udev/data/c25[0-4]:[0-9]* r,
- @{run}/udev/data/c81:[0-9]* r, # For video4linux
+ @{run}/udev/data/c3[0-9]*:[0-9]* r, # For dynamic assignment range 384 to 511
+ @{run}/udev/data/c4[0-9]*:[0-9]* r,
+ @{run}/udev/data/c5[0-9]*:[0-9]* r,
 @{sys}/bus/ r,
 @{sys}/bus/media/devices/ r,
diff --git a/apparmor.d/tunables/xdg-user-dirs b/apparmor.d/tunables/xdg-user-dirs
index b32ceac6f..9f2f213a3 100644
--- a/apparmor.d/tunables/xdg-user-dirs
+++ b/apparmor.d/tunables/xdg-user-dirs
@@ -34,7 +34,7 @@
 # User personal keyrings
 @{XDG_SSH_DIR}=".ssh"
 @{XDG_GPG_DIR}=".gnupg"
-@{XDP_PASSWORD_STORE_DIR}=".password-store"
+@{XDG_PASSWORD_STORE_DIR}=".password-store"
 # Definition of local user configuration directories
 @{XDG_CACHE_HOME}=".cache"
@@ -71,7 +71,7 @@
 @{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}
 @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
 @{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
-@{user_password_store_dirs}=@{HOME}/@{XDP_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDP_PASSWORD_STORE_DIR}
+@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
 # Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
 # to the various XDG directories
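Review bot: In the wireplumber hunk, the new `c3[0-9]*:[0-9]*`, `c4[0-9]*:[0-9]*` and `c5[0-9]*:[0-9]*` rules grant reads on udev entries for character majors 30–59 and 300–599 (plus any longer digit string), not the "384 to 511" dynamic range their comment states, because `*` consumes any run of non-slash characters after the second digit. Only the udev device database is exposed (device metadata, not the devices themselves), but a glob that contradicts its own comment will mislead the next auditor, so the range should be written with anchored globs as below. The same triplet lands in libvirtd in this commit; if the project keeps a shared abstraction for udev data reads, factoring the range there would keep the two profiles from drifting. The wireplumber profile body continues outside this hunk.
```apparmor
# … unchanged: c14 through c25[0-4] udev data rules …
@{run}/udev/data/c38[4-9]:[0-9]* r, # For dynamic assignment range 384 to 511
@{run}/udev/data/c39[0-9]:[0-9]* r,
@{run}/udev/data/c4[0-9][0-9]:[0-9]* r,
@{run}/udev/data/c50[0-9]:[0-9]* r,
@{run}/udev/data/c51[01]:[0-9]* r,
# … unchanged: @{sys}/bus rules …
```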