diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index 0b490b8aa..07b7d248f 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -16,13 +16,15 @@ profile colord @{exec_path} flags=(attach_disconnected) { network netlink raw, - dbus send bus=system path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName,ReleaseName}, + dbus bind bus=system name=org.freedesktop.ColorManager, dbus (send,receive) bus=system path=/org/freedesktop/ColorManager{,/**} interface=org.freedesktop.ColorManager*, + dbus send bus=system path=/org/freedesktop/DBus + interface=org.freedesktop.DBus + member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName,ReleaseName}, + dbus send bus=system path=/org/freedesktop/PolicyKit[0-9]/Authority interface=org.freedesktop.PolicyKit[0-9].Authority member=CheckAuthorization @@ -52,9 +54,6 @@ profile colord @{exec_path} flags=(attach_disconnected) { member=GetAll peer=(name=:*, label="{@{profile_name},gsd-color}"), - dbus bind bus=system - name=org.freedesktop.ColorManager, - @{exec_path} mr, @{lib}/{,colord/}colord-sane rPx, diff --git a/apparmor.d/groups/freedesktop/dconf-editor b/apparmor.d/groups/freedesktop/dconf-editor index fd090fb0f..4e1238c02 100644 --- a/apparmor.d/groups/freedesktop/dconf-editor +++ b/apparmor.d/groups/freedesktop/dconf-editor @@ -19,6 +19,7 @@ profile dconf-editor @{exec_path} { @{exec_path} mr, /usr/share/glib-2.0/schemas/{,*} r, + /usr/share/X11/xkb/{,**} r, # When GSETTINGS_BACKEND=keyfile owner @{user_config_dirs}/glib-2.0/ rw, diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index ec87108d9..90b61ffa5 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire 
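Review bot: The relocated `dbus send` rule for `path=/org/freedesktop/DBus` in the colord profile has no `peer=` constraint, so it matches any system-bus peer exposing that path and interface, not only the bus daemon. Since the rule is being moved anyway, consider pinning it by ending the rule with `member={GetConnectionUnixProcessID,GetConnectionUnixUser,RequestName,ReleaseName} peer=(name=org.freedesktop.DBus),`. The `GetAll` rule visible in the second colord hunk already pins its peer this way, with `peer=(name=:*, label=...)`. The profile body starts and ends outside this hunk, so any existing deny or override rules are not visible here.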
@@ -55,7 +55,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { /etc/pipewire/pipewire.conf r, /etc/pipewire/pipewire.conf.d/{,*} r, - /var/lib/gdm/.config/pulse/cookie rk, + /var/lib/gdm{3,}/.config/pulse/cookie rk, / r, /.flatpak-info r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index 8f9b707e6..d9205d532 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -138,8 +138,8 @@ profile pulseaudio @{exec_path} { @{exec_path} mrix, - @{lib}/pulse/gsettings-helper mrix, - @{lib}/@{multiarch}/pulse/gconf-helper mrix, + @{lib}/pulse/gsettings-helper rix, + @{lib}/@{multiarch}/pulse/gconf-helper rix, @{lib}/pulse-*/modules/*.so mr, /usr/share/ladspa/rdf/{,*} r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index a7a684f8e..00921e7ac 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -128,6 +128,10 @@ profile xdg-desktop-portal-gnome @{exec_path} { @{exec_path} mr, + / r, + @{bin}/ r, + @{bin}/* r, + /usr/share/X11/xkb/{,**} r, /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
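Review bot: The widened rule `/var/lib/gdm{3,}/.config/pulse/cookie rk,` in the pipewire profile has no `owner` qualifier, although the PulseAudio cookie is an authentication secret. File permissions presumably already keep other users out, but the profile should not rely on that. If the only legitimate reader is the pipewire instance running as the greeter user (worth confirming on both gdm and gdm3 systems), `owner /var/lib/gdm{3,}/.config/pulse/cookie rk,` expresses that directly. A one-line comment that the alternation covers the gdm and gdm3 home directories would also help the next reader.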
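Review bot: Dropping `m` from the two helper rules in the pulseaudio profile is a tightening, but `ix` still runs `gsettings-helper` and `gconf-helper` with the full pulseaudio profile inherited. If the helpers only need settings access, which this hunk does not show, a child profile (`Cx`) or a dedicated profile (`Px`) would confine them more narrowly than the daemon's own rule set. At minimum, a comment such as `# helpers are only executed, never mapped; they inherit this profile` above the two rules would record why `m` was removed.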
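Review bot: The new `@{bin}/* r,` rule in the xdg-desktop-portal-gnome profile allows reading the contents of every file directly under the binary directories, and `/ r,` with `@{bin}/ r,` allow listing them, yet nothing says why the portal needs this. If the portal only enumerates or checks for executables (an assumption, since the denial that prompted the change is not shown), the two directory rules may suffice and `@{bin}/* r,` could be dropped or narrowed to the specific programs. Either way, add a comment above the three rules stating the actual reason, for example `# <why the portal lists and reads @{bin}>`. The profile continues outside the hunk.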