diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict
index 315f81e01..c5405d905 100644
--- a/apparmor.d/abstractions/user-download-strict
+++ b/apparmor.d/abstractions/user-download-strict
@@ -5,10 +5,14 @@
 
   abi <abi/3.0>,
 
+  # new user; change to 'c'
+  owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
+  owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,
+
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl -> @{HOME}/@{XDG_DESKTOP_DIR}/**,
 
   owner @{user_download_dirs}/ r,
   owner @{user_download_dirs}/** rwkl -> @{user_download_dirs}/**,
 
-  include if exists <abstractions/user-download-strict.d>
\ No newline at end of file
+  include if exists <abstractions/user-download-strict.d>
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index 1c5a9e142..8c4561375 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -7,12 +7,12 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{firefox_name} = firefox{,-esr}
+@{firefox_name} = firefox{,-esr,-bin}
 @{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name}
 @{firefox_config_dirs} = @{HOME}/.mozilla/
 @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/
 
-@{exec_path} = /{usr/,}bin/@{firefox_name} @{firefox_lib_dirs}/@{firefox_name}{-bin,}
+@{exec_path} = /{usr/,}bin/@{firefox_name} @{firefox_lib_dirs}/@{firefox_name}
 profile firefox @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio>
@@ -173,8 +173,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   /etc/xul-ext/kwallet5.js r,
 
   owner @{HOME}/ r,
-  owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
-  owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,
 
   owner @{user_cache_dirs}/ rw,
   owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
diff --git a/apparmor.d/profiles-g-l/loginctl b/apparmor.d/groups/systemd/loginctl
similarity index 78%
rename from apparmor.d/profiles-g-l/loginctl
rename to apparmor.d/groups/systemd/loginctl
index 943cefd2f..36564e3a7 100644
--- a/apparmor.d/profiles-g-l/loginctl
+++ b/apparmor.d/groups/systemd/loginctl
@@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -9,12 +10,17 @@ include <tunables/global>
 profile loginctl @{exec_path} {
   include <abstractions/base>
   include <abstractions/dbus-strict>
+  include <abstractions/systemd-common>
 
   capability sys_resource,
   capability net_admin,
 
   @{exec_path} mr,
 
+  /{usr/,}bin/less  rPx -> child-pager,
+  /{usr/,}bin/more  rPx -> child-pager,
+  /{usr/,}bin/pager rPx -> child-pager,
+
   dbus (send) bus=system path=/org/freedesktop/login[0-9]*
        interface=org.freedesktop.login[0-9]*.Manager
        member={ListSessions,GetSession}
diff --git a/apparmor.d/groups/virt/virtiofsd b/apparmor.d/groups/virt/virtiofsd
index 556e12f8b..b6f83d534 100644
--- a/apparmor.d/groups/virt/virtiofsd
+++ b/apparmor.d/groups/virt/virtiofsd
@@ -5,9 +5,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{LOCAL_SHARED_DIRS} = /var/lib/libvirt/shared
-include if exists <local/tunables/virtiofsd>
-
 @{exec_path} = /{,usr/}lib/qemu/virtiofsd
 profile virtiofsd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
@@ -39,9 +36,9 @@ profile virtiofsd @{exec_path} flags=(attach_disconnected) {
   /var/lib/libvirt/qemu/*/fs[0-9]*-fs.sock rw,
 
   # shared folders
-  mount options=(rw, rbind) -> @{LOCAL_SHARED_DIRS}/,
-  pivot_root @{LOCAL_SHARED_DIRS}/,
-  @{LOCAL_SHARED_DIRS}/ r,
+  mount options=(rw, rbind) -> @{user_vm_shares}/,
+  pivot_root @{user_vm_shares}/,
+  @{user_vm_shares}/ r,
 
   include if exists <local/virtiofsd>
 }
diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina
index 017517184..993d77665 100644
--- a/apparmor.d/profiles-m-r/remmina
+++ b/apparmor.d/profiles-m-r/remmina
@@ -135,7 +135,7 @@ profile remmina @{exec_path} {
   /etc/gtk-3.0/settings.ini r,
   /usr/share/themes/{,**} r,
 
-  # X-strict
+  # X-tiny
   owner @{HOME}/.Xauthority r,
   owner @{HOME}/.xsession-errors w,
   unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*", label="{xorg,xkbcomp}"),
diff --git a/apparmor.d/tunables/xdg-user-dirs b/apparmor.d/tunables/xdg-user-dirs
index d33a29949..82e857132 100644
--- a/apparmor.d/tunables/xdg-user-dirs
+++ b/apparmor.d/tunables/xdg-user-dirs
@@ -29,6 +29,7 @@
 @{XDG_TORRENTS_DIR}="Torrents"
 @{XDG_GAMES_DIR}=".games"
 @{XDG_VM_DIR}=".vm"
+@{XDG_VM_SHARES}="VM Shares"
 @{XDG_WALLPAPERS_DIR}="@{XDG_PICTURES_DIR}/Wallpapers"
 @{XDG_IMG_DIR}="images"
 
@@ -72,6 +73,7 @@
 @{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}
 @{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}
 @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
+@{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES} @{MOUNTS}/@{XDG_VM_SHARES}
 @{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
 @{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}