diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo
index 4c7de6ba5..333cbddbd 100644
--- a/apparmor.d/abstractions/app/sudo
+++ b/apparmor.d/abstractions/app/sudo
@@ -24,8 +24,6 @@
network netlink raw,
# PAM
- unix bind type=stream addr=@@{udbus}/bus/sudo/system,
-
#aa:dbus talk bus=system name=org.freedesktop.home1 label=systemd-homed
#aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind
diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found
index 1ba7b5cb3..ee8e3bcb5 100644
--- a/apparmor.d/groups/apt/command-not-found
+++ b/apparmor.d/groups/apt/command-not-found
@@ -21,7 +21,7 @@ profile command-not-found @{exec_path} {
@{python_path} r,
@{bin}/lsb_release rPx -> lsb_release,
- @{bin}/snap rPUx,
+ @{bin}/snap rPx,
@{lib}/@{python_name}/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
diff --git a/apparmor.d/groups/gnome/gnome-logs b/apparmor.d/groups/gnome/gnome-logs
index 5e3ab03bd..06e66a43b 100644
--- a/apparmor.d/groups/gnome/gnome-logs
+++ b/apparmor.d/groups/gnome/gnome-logs
@@ -27,6 +27,8 @@ profile gnome-logs @{exec_path} {
/{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal r,
/{run,var}/log/journal/remote/ r,
+ owner @{PROC}/@{pid}/stat r,
+
include if exists
}
diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl
index 3c5595345..36fbd9e75 100644
--- a/apparmor.d/groups/systemd/journalctl
+++ b/apparmor.d/groups/systemd/journalctl
@@ -33,6 +33,8 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
/var/lib/systemd/catalog/database rw,
/var/lib/systemd/catalog/.#database* rw,
+ /var/log/dmesg w,
+
/{run,var}/log/journal/ r,
/{run,var}/log/journal/@{hex32}/ r,
/{run,var}/log/journal/@{hex32}/system.journal* r,
diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl
index 5386662c0..2892c88c3 100644
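Review bot: `@{bin}/snap rPx,` turns a missing or unloaded `snap` profile into a denied exec, where the previous `rPUx` fell back to unconfined; that is the right direction for a confined helper, but command-not-found runs in an interactive shell, so the failure mode becomes a bare permission error instead of a package suggestion. I cannot see from this diff that a `snap` profile ships alongside this one, so please confirm it exists and is installed in the same set. A short comment next to the rule, `# snap profile must be loaded (no unconfined fallback)`, would record why the fallback was dropped. The rest of the profile body is outside the hunk.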
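Review bot: `/var/log/dmesg w,` has no comment explaining why a journal reader needs write access to a log file, and a rule like this is easily mistaken for a bug and removed, or widened to `rw`, by the next maintainer. From the visible rule alone this looks like a redirected stdout (something like `journalctl -k > /var/log/dmesg` from a boot script) that AppArmor re-validates when the profile attaches, rather than journalctl opening the file itself; please confirm which it is. If it is the redirect case, `# redirected stdout from boot scripts that snapshot dmesg` above the rule, with `w` alone kept as is, would be enough. The profile body continues outside this hunk.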
--- a/apparmor.d/groups/systemd/loginctl
+++ b/apparmor.d/groups/systemd/loginctl
@@ -7,7 +7,7 @@ abi ,
include
@{exec_path} = @{bin}/loginctl
-profile loginctl @{exec_path} {
+profile loginctl @{exec_path} flags=(attach_disconnected) {
include
include
include
@@ -27,6 +27,8 @@ profile loginctl @{exec_path} {
@{PROC}/sys/fs/nr_open r,
owner @{PROC}/@{pid}/cgroup r,
+ /dev/rfkill r,
+
include if exists
}
diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd
index 20b396a72..ca5450826 100644
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -29,7 +29,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
network packet dgram,
network packet raw,
- unix (bind) type=stream addr=@@{udbus}/bus/systemd-network/bus-api-network,
+ unix bind type=stream addr=@@{udbus}/bus/systemd-network/bus-api-network,
#aa:dbus own bus=system name=org.freedesktop.network1
diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd
index d71ccf1a1..1af847cd4 100644
--- a/apparmor.d/groups/systemd/systemd-udevd
+++ b/apparmor.d/groups/systemd/systemd-udevd
@@ -42,7 +42,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
@{bin}/*-print-pci-ids rix,
@{bin}/alsactl rPUx,
@{bin}/ddcutil rPx,
- @{bin}/dmsetup rPUx,
+ @{bin}/dmsetup rPx,
@{bin}/ethtool rix,
@{bin}/issue-generator rPx,
@{bin}/kmod rPx,
@@ -56,7 +56,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
@{bin}/perl rix,
@{bin}/setfacl rix,
@{bin}/sg_inq rix,
- @{bin}/snap rPUx,
+ @{bin}/snap rPx,
@{bin}/systemctl rCx -> systemctl,
@{bin}/systemd-run rix,
@{bin}/unshare rix,
diff --git a/apparmor.d/groups/utils/chsh b/apparmor.d/groups/utils/chsh
index bf2b92a98..73f097a94 100644
--- a/apparmor.d/groups/utils/chsh
+++ b/apparmor.d/groups/utils/chsh
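Review bot: `flags=(attach_disconnected)` on the new `profile loginctl` line is added without saying which disconnected path loginctl actually hits; the flag makes objects outside the profile's mount namespace resolve as if rooted at `/`, so it widens what every path rule in the profile can match and should be justified rather than used to silence one denial. If the trigger was a specific object, name it on the profile line or just above it, e.g. `# attach_disconnected: <object seen in the denial>`. The profile body sits outside this hunk, so I cannot tell whether a narrower rule would have done instead.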
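Review bot: `/dev/rfkill r,` is an unusual object for a logind command-line client, and nothing in the hunk says which loginctl operation needed it; rfkill state is normally handled by the daemon side, not the CLI. Please confirm the access was attributed to loginctl itself and not to a child that should carry it in its own profile. If it is genuine, a comment naming the subcommand, such as `# loginctl <verb> reads the rfkill state`, keeps it from looking like a stray denial that was pasted in.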
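Review bot: `@{bin}/dmsetup rPx,` removes the unconfined fallback, but this profile still carries `complain` in its flags (visible in the hunk header), so a missing or failing `dmsetup` profile will only be logged here and the tightening is not actually exercised until enforcement is switched on. udev rules invoke dmsetup during device-mapper setup (e.g. `dmsetup udevcomplete` from the dm notify rules), so it is worth an enforce-mode check that the target profile exists and covers that invocation before the complain flag is dropped. The same applies to the `@{bin}/snap rPx,` change in the next hunk.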
@@ -24,8 +24,6 @@ profile chsh @{exec_path} {
network netlink raw,
- unix type=stream addr=@@{udbus}/bus/chsh/system,
-
#aa:dbus talk bus=system name=org.freedesktop.home1 label=systemd-homed
@{exec_path} mr,
diff --git a/apparmor.d/groups/utils/login b/apparmor.d/groups/utils/login
index dbf334577..c04c4230c 100644
--- a/apparmor.d/groups/utils/login
+++ b/apparmor.d/groups/utils/login
@@ -32,8 +32,6 @@ profile login @{exec_path} flags=(attach_disconnected) {
signal (send) set=(hup term),
- unix type=stream addr=@@{udbus}/bus/login/system,
-
ptrace read,
#aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind
diff --git a/apparmor.d/groups/utils/su b/apparmor.d/groups/utils/su
index 02a212150..2615085ab 100644
--- a/apparmor.d/groups/utils/su
+++ b/apparmor.d/groups/utils/su
@@ -19,8 +19,6 @@ profile su @{exec_path} {
signal (receive) set=(int,quit,term),
signal (receive) set=(cont,hup) peer=sudo,
- unix (bind) type=dgram,
-
@{exec_path} mr,
@{bin}/@{shells} rUx,
diff --git a/apparmor.d/profiles-a-f/console-setup b/apparmor.d/profiles-a-f/console-setup
index 5b867e1eb..7a11e407f 100644
--- a/apparmor.d/profiles-a-f/console-setup
+++ b/apparmor.d/profiles-a-f/console-setup
@@ -12,6 +12,7 @@ profile console-setup @{exec_path} {
@{exec_path} mr,
+ @{sh_path} r,
@{bin}/uname rPx,
@{bin}/mkdir rix,
diff --git a/apparmor.d/profiles-g-l/hugo b/apparmor.d/profiles-g-l/hugo
index 6bb737ca0..ed62f48f1 100644
--- a/apparmor.d/profiles-g-l/hugo
+++ b/apparmor.d/profiles-g-l/hugo
@@ -37,10 +37,17 @@ profile hugo @{exec_path} {
owner @{user_cache_dirs}/hugo_cache/{,**} rwkl,
+ owner @{user_config_dirs}/git/*config r,
+ owner @{user_config_dirs}/go/telemetry/mode r,
+
owner @{tmp}/hugo_cache/{,**} rwkl,
owner @{tmp}/go-codehost-@{int} rw,
- @{PROC}/sys/net/core/somaxconn r,
+ @{sys}/kernel/mm/hugepages/ r,
+
+ @{PROC}/sys/net/core/somaxconn r,
+ owner @{PROC}/@{pid}/cgroup r,
+ owner @{PROC}/@{pid}/mountinfo r,
include if exists
}
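Review bot: `@{sh_path} r,` grants only read on the shell, which is not the usual shape for a shell-script profile in this repository; if console-setup is itself run by that interpreter the established idiom is `@{sh_path} rix,`, and a bare `r` reads like a rule copied from a denial without checking what the access was for. If the profile already has an `rix` rule for the shell further down (outside this hunk), this line is redundant and should be dropped. If the read really is a separate operation, a comment naming it would justify keeping the narrower permission.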
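Review bot: `owner @{user_config_dirs}/git/*config r,` hands hugo the user's git configuration, which can carry credential-helper settings, `insteadOf` rewrites and tokens embedded in remote URLs, so the reason belongs next to the rule rather than left to guesswork; presumably this is Hugo Modules driving `go mod`/git fetches, but that is an inference. A comment such as `# Hugo modules: go/git read the user git config` would do, and the runtime-looking reads added below (`hugepages/`, `cgroup`, `mountinfo`) deserve a similar `# Go runtime` tag so they are not later mistaken for stray denials. The profile body continues outside the hunk.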
diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga
index b100e4e15..b6bbf5f73 100644
--- a/apparmor.d/profiles-m-r/qemu-ga
+++ b/apparmor.d/profiles-m-r/qemu-ga
@@ -7,7 +7,7 @@ abi ,
include
@{exec_path} = @{bin}/qemu-ga
-profile qemu-ga @{exec_path} flags=(complain) {
+profile qemu-ga @{exec_path} {
include
@{exec_path} mr,
@@ -24,7 +24,7 @@ profile qemu-ga @{exec_path} flags=(complain) {
/dev/vport@{int}p@{int} rw,
- profile systemctl flags=(complain) {
+ profile systemctl {
include
include
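Review bot: removing `flags=(complain)` from the `profile qemu-ga` line switches every unlisted access from logged-and-allowed to denied, and qemu-ga is the component that carries out host-requested operations (`guest-exec`, `guest-file-*`, `guest-set-user-password`), so the rule body — which lies outside this hunk — should be checked against the agent commands a deployment actually uses, ideally from the complain-mode audit log of a guest that has been running this profile. A comment on the profile recording which command set enforce mode was validated against would help whoever hits the first denial. The `systemctl` sub-profile in the following hunk is enforced the same way and that hunk is cut off at the end of this chunk.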