diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11
index 21a82fcaa..af1a8b068 100644
--- a/apparmor.d/groups/bus/ibus-x11
+++ b/apparmor.d/groups/bus/ibus-x11
@@ -11,9 +11,10 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/dri-common>
   include <abstractions/dri-enumerate>
-  include <abstractions/nameservice-strict>
-  include <abstractions/mesa>
+  include <abstractions/fonts>
   include <abstractions/gtk>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
 
diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory
index 6109a7762..a5b620154 100644
--- a/apparmor.d/groups/gnome/evolution-addressbook-factory
+++ b/apparmor.d/groups/gnome/evolution-addressbook-factory
@@ -18,7 +18,7 @@ profile evolution-addressbook-factory @{exec_path} {
   network inet dgram,
   network inet6 dgram,
   network netlink raw,
-  
+
   @{exec_path} mr,
   @{exec_path}-subprocess rix,
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/groups/gnome/gnome-contacts b/apparmor.d/groups/gnome/gnome-contacts
index 22e2aea3c..ec764ecde 100644
--- a/apparmor.d/groups/gnome/gnome-contacts
+++ b/apparmor.d/groups/gnome/gnome-contacts
@@ -21,10 +21,12 @@ profile gnome-contacts @{exec_path} {
   @{exec_path} mr,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/glvnd/egl_vendor.d/{,*.json} r,
   /usr/share/applications/{,*.desktop} r,
 
   owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
   owner @{user_cache_dirs}/gstreamer*/{,**} r,
+  owner @{user_cache_dirs}/mesa_shader_cache/index rw,
   owner @{user_config_dirs}/gnome-contacts/{,**} rw,
   owner @{user_share_dirs}/folks/relationships.ini r,
 
@@ -32,5 +34,9 @@ profile gnome-contacts @{exec_path} {
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 
+  @{PROC}/sys/dev/i915/perf_stream_paranoid r,
+
+  /dev/ r,
+
   include if exists <local/gnome-contacts>
 }
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys
index 534de58c0..c3192dfd9 100644
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@@ -30,6 +30,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
   /usr/share/X11/xkb/** r,
 
   owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
+  owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
 
   /var/lib/gdm/.config/pulse/client.conf r,
 
diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract
index 868a85f49..daa754f15 100644
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@@ -22,6 +22,7 @@ profile tracker-extract @{exec_path} {
   /usr/share/applications/*.desktop r,
   /usr/share/mime/mime.cache r,
 
+  owner /tmp/tracker-extract-3-files.*/{,*} rw,
   owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
   owner @{user_share_dirs}/gvfs-metadata/** r,
 
@@ -36,8 +37,6 @@ profile tracker-extract @{exec_path} {
   owner @{run}/user/@{uid}/dconf/ rw,
   owner @{run}/user/@{uid}/dconf/user rw,
 
-  /tmp/tracker-extract-3-files.*/{,*} rw,
-
   @{run}/udev/data/c236:* r,
 
   include if exists <local/tracker-extract>
diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner
index f350f1aa2..cf6b2c224 100644
--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
@@ -32,9 +32,9 @@ profile tracker-miner @{exec_path} {
   owner @{user_config_dirs}/tracker3/{,**} rwk,
   owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
 
-  @{PROC}/@{pid}/mountinfo r,
-  @{PROC}/@{pid}/mounts r,
-  @{PROC}/sys/fs/inotify/max_user_watches r,
+  owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/mounts r,
+        @{PROC}/sys/fs/inotify/max_user_watches r,
 
   include <abstractions/dconf>
   owner @{run}/user/@{uid}/dconf/ rw,
diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp
index 4d6659805..5cf493978 100644
--- a/apparmor.d/groups/gvfs/gvfsd-mtp
+++ b/apparmor.d/groups/gvfs/gvfsd-mtp
@@ -13,12 +13,14 @@ profile gvfsd-mtp @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>
   include <abstractions/devices-usb>
-  include <abstractions/user-download-strict>
 
   network netlink raw,
 
   @{exec_path} mr,
 
+  owner @{HOME}/{,**} rw,
+  owner @{MOUNTS}/*/{,**} rw,
+
   owner @{run}/user/@{uid}/gvfsd/socket-* rw,
 
   include <abstractions/dconf>
diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager
index 895d26a96..409ae4ccd 100644
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@@ -67,6 +67,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 
   @{run}/NetworkManager/{,**} rw,
   @{run}/systemd/inhibit/[0-9]*.ref rw,
+  @{run}/systemd/users/@{uid} r,
   @{run}/udev/data/n[0-9]* r,
   @{run}/udev/data/+rfkill:* r,
   @{run}/udev/data/+platform* r,
diff --git a/apparmor.d/groups/systemd/bootctl b/apparmor.d/groups/systemd/bootctl
index 07abc9d2f..b38adb7c8 100644
--- a/apparmor.d/groups/systemd/bootctl
+++ b/apparmor.d/groups/systemd/bootctl
@@ -51,5 +51,9 @@ profile bootctl @{exec_path} {
  owner @{PROC}/@{pid}/cgroup r,
        @{PROC}/sys/kernel/random/poolsize r,
 
+  # Silencer
+  deny network inet6 stream,
+  deny network inet stream,
+
   include if exists <local/bootctl>
 }
\ No newline at end of file
diff --git a/apparmor.d/groups/systemd/systemd-ac-power b/apparmor.d/groups/systemd/systemd-ac-power
index 9109c4a9c..536758126 100644
--- a/apparmor.d/groups/systemd/systemd-ac-power
+++ b/apparmor.d/groups/systemd/systemd-ac-power
@@ -19,4 +19,5 @@ profile systemd-ac-power @{exec_path} {
   @{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/ r,
   @{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/{type,online} r,
 
+  include if exists <local/systemd-ac-power>
 }
diff --git a/apparmor.d/groups/systemd/systemd-hwdb b/apparmor.d/groups/systemd/systemd-hwdb
index 06901e6da..59fcc1105 100644
--- a/apparmor.d/groups/systemd/systemd-hwdb
+++ b/apparmor.d/groups/systemd/systemd-hwdb
@@ -19,5 +19,9 @@ profile systemd-hwdb @{exec_path} {
 
   owner @{PROC}/@{pid}/stat r,
 
+  # Silencer
+  deny network inet6 stream,
+  deny network inet stream,
+
   include if exists <local/systemd-hwdb>
 }
diff --git a/apparmor.d/groups/systemd/systemd-sysctl b/apparmor.d/groups/systemd/systemd-sysctl
index e9ce2a2ed..2421ce38b 100644
--- a/apparmor.d/groups/systemd/systemd-sysctl
+++ b/apparmor.d/groups/systemd/systemd-sysctl
@@ -27,5 +27,9 @@ profile systemd-sysctl @{exec_path} {
 
   /etc/sysctl.conf r,
 
+  # Silencer
+  deny network inet6 stream,
+  deny network inet stream,
+
   include if exists <local/systemd-sysctl>
 }
diff --git a/apparmor.d/groups/virt/virtlogd b/apparmor.d/groups/virt/virtlogd
index af917ee07..e93217001 100644
--- a/apparmor.d/groups/virt/virtlogd
+++ b/apparmor.d/groups/virt/virtlogd
@@ -22,6 +22,7 @@ profile virtlogd @{exec_path} {
   /var/log/libvirt/qemu/*.log rw,
 
   @{run}/virtlogd.pid rwk,
+  @{run}/libvirt/common/system.token rwk,
 
   @{sys}/devices/system/node/ r,
   @{sys}/devices/system/node/node[0-9]*/meminfo r,
diff --git a/apparmor.d/profiles-m-z/wpa-supplicant b/apparmor.d/profiles-m-z/wpa-supplicant
index 18228730d..ab75f5d58 100644
--- a/apparmor.d/profiles-m-z/wpa-supplicant
+++ b/apparmor.d/profiles-m-z/wpa-supplicant
@@ -13,19 +13,13 @@ profile wpa-supplicant @{exec_path} {
   include <abstractions/nameservice>
   include <abstractions/openssl>
 
-  # To remove the following errors:
-  #  wpa_supplicant[]: wlan0: Failed to initialize driver interface
+  capability chown,
+  capability dac_override,
+  capability dac_read_search,
+  capability fsetid,
+  capability mknod,
   capability net_admin,
   capability net_raw,
-
-  # To remove the following errors:
-  #  wpa_supplicant[]: Failed to initialize control interface 'DIR=/run/wpa_supplicant
-  #  GROUP=netdev'. You may have another wpa_supplicant process already running or the file was
-  #  left by an unclean termination of wpa_supplicant in which case you will need  to manually
-  #  remove this file before starting wpa_supplicant again.
-  capability chown,
-
-  capability fsetid,
   capability sys_module,
 
   network packet raw,
@@ -33,6 +27,8 @@ profile wpa-supplicant @{exec_path} {
 
   @{exec_path} mr,
 
+  @{HOME}/.cat_installer/*.pem r,
+
   owner @{run}/wpa_supplicant/{,**} rw,
 
   /etc/wpa_supplicant/wpa_supplicant.conf r,
@@ -46,7 +42,6 @@ profile wpa-supplicant @{exec_path} {
   @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]/name r,
 
   # For wpa_gui
-  #capability dac_override,
   #/etc/wpa_supplicant/wpa_supplicant.conf w,
   #/etc/wpa_supplicant/wpa_supplicant.conf.tmp rw,
 
diff --git a/apparmor.d/profiles-m-z/xdg-mime b/apparmor.d/profiles-m-z/xdg-mime
index b59a6efe4..f35eb2160 100644
--- a/apparmor.d/profiles-m-z/xdg-mime
+++ b/apparmor.d/profiles-m-z/xdg-mime
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}bin/xdg-mime
-profile xdg-mime @{exec_path} {
+profile xdg-mime @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/freedesktop.org>
 
@@ -55,6 +55,7 @@ profile xdg-mime @{exec_path} {
 
   # file_inherit
   @{MOUNTS}/** rw,
+  /dev/dri/card[0-9]* rw,
 
   /dev/tty rw,