diff --git a/apparmor.d/groups/gvfs/gvfsd-admin b/apparmor.d/groups/gvfs/gvfsd-admin
index 4f845f316..e1b16cac3 100644
--- a/apparmor.d/groups/gvfs/gvfsd-admin
+++ b/apparmor.d/groups/gvfs/gvfsd-admin
@@ -22,14 +22,15 @@ profile gvfsd-admin @{exec_path} {
 
   /usr/share/mime/mime.cache r,
 
-  @{MOUNTS}/{,**} rw,
-
-  @{run}/mount/utab r,
-  @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
-
-  @{PROC}/@{pid}/fdinfo/@{int} r,
-  @{PROC}/@{pid}/mountinfo r,
-  @{PROC}/@{pid}/stat r,
+  #aa:lint ignore=too-wide
+  # Full access to system's data, but no write access to sensitive system directories
+  / r,
+  /*/ r,
+  /*/** rw,
+  deny @{sys}/** w,
+  deny @{PROC}/** w,
+  deny @{efi}/** w,
+  deny /dev/** w,
 
   include if exists <local/gvfsd-admin>
 }