diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found
index e48ff12b6..35f8940ee 100644
--- a/apparmor.d/groups/apt/command-not-found
+++ b/apparmor.d/groups/apt/command-not-found
@@ -26,7 +26,7 @@ profile command-not-found @{exec_path} {
 @{bin}/snap rPx,
 @{lib}/ r,
- @{lib}/@{python_name}/dist-packages/CommandNotFound/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} w,
+ @{lib}/@{python_name}/dist-packages/CommandNotFound/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int}@{int} w,
 /usr/share/command-not-found/{,**} r,
diff --git a/apparmor.d/groups/bus/dbus-system b/apparmor.d/groups/bus/dbus-system
index 59cad20c9..ee64c6497 100644
--- a/apparmor.d/groups/bus/dbus-system
+++ b/apparmor.d/groups/bus/dbus-system
@@ -31,7 +31,7 @@ profile dbus-system flags=(attach_disconnected) {
 network bluetooth stream,
 network bluetooth seqpacket,
- ptrace (read) peer=@{p_systemd},
+ ptrace read peer=@{p_systemd},
 #aa:dbus own bus=system name=org.freedesktop.DBus path=/{,org/freedesktop/DBus}
 dbus receive bus=system path=/org/freedesktop/DBus
diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm
index a7525d099..4d883303f 100644
--- a/apparmor.d/groups/kde/sddm
+++ b/apparmor.d/groups/kde/sddm
@@ -70,9 +70,9 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 @{lib}/@{multiarch}/sddm/sddm-helper rix,
 @{lib}/plasma-dbus-run-session-if-needed rix,
 @{lib}/@{multiarch}/libexec/plasma-dbus-run-session-if-needed rix,
- @{lib}/sddm/sddm-helper rix,
- @{lib}/sddm/sddm-helper-start-wayland rix,
- @{lib}/sddm/sddm-helper-start-x11user rix,
+ @{lib}/{,sddm/}sddm-helper rix,
+ @{lib}/{,sddm/}sddm-helper-start-wayland rix,
+ @{lib}/{,sddm/}sddm-helper-start-x11user rix,
 @{shells_path} rix,
 @{bin}/cat rix,
diff --git a/apparmor.d/groups/network/netplan-generate b/apparmor.d/groups/network/netplan-generate
index 34a9ff8fe..60ec7656f 100644
--- a/apparmor.d/groups/network/netplan-generate
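Review bot: The widened suffix `.pyc.@{int}@{int}` on the `+` line has no comment saying why a single `@{int}` was not enough, so the next reader is likely to fold it back. Presumably the temporary name CPython writes before renaming the `.pyc` carries an integer that can exceed the digit count one `@{int}` covers — worth confirming and recording above the rule, e.g. `# pyc temp suffix can be longer than one @{int}`. That suffix shape is also the only thing bounding a system-wide write under `@{lib}/.../__pycache__/`, which is a second reason to document it.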
+++ b/apparmor.d/groups/network/netplan-generate
@@ -31,16 +31,16 @@ profile netplan-generate @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/generator/netplan.stamp w,
 @{run}/systemd/generator/network-online.target.wants/ w,
 @{run}/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service w,
- @{run}/systemd/network/ r,
+ @{run}/systemd/network/ rw,
 @{run}/systemd/network/@{int}-netplan{,-*}.{network,link}{,.@{rand6}} rw,
 @{run}/systemd/system/ r,
 @{run}/systemd/system/netplan-* rw,
- @{run}/systemd/system/systemd-networkd-wait-online.service.d/ r,
+ @{run}/systemd/system/systemd-networkd-wait-online.service.d/ rw,
 @{run}/systemd/system/systemd-networkd-wait-online.service.d/@{int}-netplan.conf{,.@{rand6}} rw,
 @{run}/systemd/system/systemd-networkd.service.wants/ rw,
 @{run}/systemd/system/systemd-networkd.service.wants/netplan-*.service rw,
- @{run}/udev/rules.d/ r,
+ @{run}/udev/rules.d/ rw,
 @{run}/udev/rules.d/@{int}-netplan{,-*}.rules{,.@{rand6}} rw,
 @{sys}/devices/**/net/*/address r,
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index f6638d5d9..a7d9a6699 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -53,8 +53,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 ptrace (read,trace) peer=@{p_systemd},
- unix (bind) type=stream addr=@@{udbus}/bus/sshd/system,
-
 dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={CreateSession,ReleaseSession,CreateSessionWithPIDFD}
diff --git a/apparmor.d/groups/systemd/coredumpctl b/apparmor.d/groups/systemd/coredumpctl
index d81933f5e..e77f326fe 100644
--- a/apparmor.d/groups/systemd/coredumpctl
+++ b/apparmor.d/groups/systemd/coredumpctl
@@ -10,6 +10,8 @@ include
 @{exec_path} = @{bin}/coredumpctl
 profile coredumpctl @{exec_path} flags=(complain) {
 include
+ include
+ include
 include
 capability dac_read_search,
@@ -31,9 +33,7 @@ profile coredumpctl @{exec_path} flags=(complain) {
 /{run,var}/log/journal/ r,
 /{run,var}/log/journal/@{hex32}/ r,
- /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r,
- /{run,var}/log/journal/@{hex32}/system.journal* r,
- /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r,
+ /{run,var}/log/journal/@{hex32}/* r,
 owner @{tmp}/*.coredump w,
 owner @{tmp}/core.* w,
diff --git a/apparmor.d/groups/systemd/systemd-oomd b/apparmor.d/groups/systemd/systemd-oomd
index d16c67f7d..ce61dba23 100644
--- a/apparmor.d/groups/systemd/systemd-oomd
+++ b/apparmor.d/groups/systemd/systemd-oomd
@@ -15,7 +15,7 @@ profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
 capability dac_override,
 capability kill,
- unix (bind) type=stream addr=@@{udbus}/bus/systemd-oomd/bus-api-oom,
+ unix bind type=stream addr=@@{udbus}/bus/systemd-oomd/bus-api-oom,
 #aa:dbus own bus=system name=org.freedesktop.oom1
diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep
index 34916ecc6..d7c61e336 100644
--- a/apparmor.d/groups/systemd/systemd-sleep
+++ b/apparmor.d/groups/systemd/systemd-sleep
@@ -7,7 +7,7 @@ abi ,
 include
 @{exec_path} = @{lib}/systemd/systemd-sleep
-profile systemd-sleep @{exec_path} {
+profile systemd-sleep @{exec_path} flags=(attach_disconnected) {
 include
 include
 include
diff --git a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
index dd6576dd7..a9575dd89 100644
--- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
+++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
@@ -21,6 +21,7 @@ profile systemd-tty-ask-password-agent @{exec_path} {
 signal receive set=(term cont) peer=deb-systemd-invoke,
 signal receive set=(term cont) peer=default,
 signal receive set=(term cont) peer=logrotate,
+ signal receive set=(term cont) peer=makepkg//sudo,
 signal receive set=(term cont) peer=role_*,
 signal receive set=(term cont) peer=rpm,
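Review bot: The replacement rule `/{run,var}/log/journal/@{hex32}/* r,` reads every entry of the per-machine journal directory, where the three removed rules named only the system and per-user journal files. If the motivation is the rotated or corrupted `*.journal~` files the old patterns missed, `/{run,var}/log/journal/@{hex32}/*.journal{,~} r,` keeps the grant scoped to journal data without the extra breadth. The header shows the profile is in complain mode, so today the difference only changes what is logged, but it becomes the enforced rule later.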
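Review bot: `flags=(attach_disconnected)` is added to the systemd-sleep profile header without a comment recording the trigger; the same applies to the dmesg and fstrim headers in the two following file sections. The flag makes files reached through disconnected paths match the profile's `/`-rooted rules, so it widens what the existing file rules cover, and the denial that motivated it is worth keeping above the `profile` line, e.g. `# attach_disconnected: <denied path from audit log>` (placeholder). Without that, the flag tends to be copied from profile to profile with nobody able to tell whether it is still needed.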
diff --git a/apparmor.d/groups/ubuntu/apport b/apparmor.d/groups/ubuntu/apport
index ec25fd377..8219ef185 100644
--- a/apparmor.d/groups/ubuntu/apport
+++ b/apparmor.d/groups/ubuntu/apport
@@ -27,10 +27,11 @@ profile apport @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
- @{bin}/gdbus rix,
 @{bin}/{,e,f}grep rix,
 @{bin}/dpkg rPx -> child-dpkg,
 @{bin}/dpkg-divert rPx -> child-dpkg-divert,
+ @{bin}/gdbus rix,
+ @{bin}/md5sum rix,
 /usr/share/apport/{,**} r,
@@ -39,6 +40,7 @@ profile apport @{exec_path} flags=(attach_disconnected) {
 /var/lib/dpkg/info/ r,
 /var/lib/dpkg/info/*.list r,
+ /var/lib/dpkg/info/*.md5sums r,
 /var/crash/ rw,
 /var/crash/*.@{uid}.crash rw,
diff --git a/apparmor.d/groups/utils/dmesg b/apparmor.d/groups/utils/dmesg
index 6abc40c37..14ace0dea 100644
--- a/apparmor.d/groups/utils/dmesg
+++ b/apparmor.d/groups/utils/dmesg
@@ -8,7 +8,7 @@ abi ,
 include
 @{exec_path} = @{bin}/dmesg
-profile dmesg @{exec_path} {
+profile dmesg @{exec_path} flags=(attach_disconnected) {
 include
 include
diff --git a/apparmor.d/groups/utils/fstrim b/apparmor.d/groups/utils/fstrim
index a55337659..211913f41 100644
--- a/apparmor.d/groups/utils/fstrim
+++ b/apparmor.d/groups/utils/fstrim
@@ -7,7 +7,7 @@ abi ,
 include
 @{exec_path} = @{bin}/fstrim
-profile fstrim @{exec_path} {
+profile fstrim @{exec_path} flags=(attach_disconnected) {
 include
 include
diff --git a/apparmor.d/profiles-a-f/freetube b/apparmor.d/profiles-a-f/freetube
index e29b6d80b..63bb82f11 100644
--- a/apparmor.d/profiles-a-f/freetube
+++ b/apparmor.d/profiles-a-f/freetube
@@ -39,6 +39,8 @@ profile freetube @{exec_path} flags=(attach_disconnected) {
 #aa:stack X xdg-settings
 @{bin}/xdg-settings rPx -> freetube//&xdg-settings,
+ deny @{sys}/devices/@{pci}/usb@{int}/** r,
+
 include if exists
 }
diff --git a/apparmor.d/profiles-g-l/localsend b/apparmor.d/profiles-g-l/localsend
new file mode 100644
index 000000000..ad2e23fc6
--- /dev/null
+++ b/apparmor.d/profiles-g-l/localsend
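Review bot: The added `/var/lib/dpkg/info/*.md5sums r,` in the second apport hunk repeats the shape of the `*.list` rule directly above it; `/var/lib/dpkg/info/*.{list,md5sums} r,` expresses both in one rule and keeps the directory's grants in one place. In the first hunk `@{bin}/md5sum rix,` runs the checksum tool under apport's own profile, consistent with the `grep` rule above it, so nothing further to raise there.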
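Review bot: The added `deny @{sys}/devices/@{pci}/usb@{int}/** r,` in the freetube section carries no comment about what it silences, and a `deny` rule takes precedence over any allow, so the `include if exists` on the next line cannot re-enable that path from a local override. Presumably it quiets repeated denials from USB device enumeration by the Electron runtime; if so, `# Silence USB device enumeration (deny also overrides local allow)` above the rule records both the reason and the precedence effect.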
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/localsend
+profile localsend @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+# --system-talk-name=org.freedesktop.NetworkManager
+# - --system-talk-name=org.freedesktop.hostname1
+# --talk-name=org.kde.StatusNotifierWatcher
+
+ @{exec_path} mr,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-g-l/logrotate b/apparmor.d/profiles-g-l/logrotate
index 7990fb27d..fdd3b6209 100644
--- a/apparmor.d/profiles-g-l/logrotate
+++ b/apparmor.d/profiles-g-l/logrotate
@@ -80,6 +80,11 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
 capability net_admin,
 capability sys_ptrace,
+ dbus send bus=system path=/org/freedesktop/systemd1
+ interface=org.freedesktop.systemd1.Manager
+ member=KillUnit
+ peer=(name=org.freedesktop.systemd1, label="@{p_systemd}"),
+
 @{run}/utmp rk,
 include if exists
diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs
index 15554adb8..fdc258da1 100644
--- a/apparmor.d/profiles-m-r/mkinitramfs
+++ b/apparmor.d/profiles-m-r/mkinitramfs
@@ -92,7 +92,7 @@ profile mkinitramfs @{exec_path} {
 /var/tmp/modules_@{rand6} rw,
 owner /var/tmp/mkinitramfs_@{rand6} rw,
 owner /var/tmp/mkinitramfs_@{rand6}/ rw,
- owner /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_*/**,
+ owner /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_@{rand6}/**,
 owner /var/tmp/mkinitramfs-@{rand6} rw,
 owner /var/tmp/mkinitramfs-*_@{rand6} rw,
diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles
index 1140f36af..d18030d68 100644
--- a/apparmor.d/tunables/multiarch.d/profiles
+++ b/apparmor.d/tunables/multiarch.d/profiles
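Review bot: The three `# --system-talk-name=...` / `# --talk-name=...` lines inside the new localsend profile read like notes copied from a flatpak manifest (the second even keeps a stray `- ` prefix) and correspond to no dbus rule in the profile; either turn them into dbus rules or mark them `# TODO:` so they are not mistaken for `#aa:` directives, and indent them with the block. Beyond the stripped includes, the profile grants only `@{exec_path} mr,`, so file, network and dbus access for an application that exchanges files over the LAN appears to be missing or deferred to the abstractions — the include names are not readable here, so this is inferred and worth a one-line comment stating what is intentionally left to abstractions.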
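Review bot: The added `KillUnit` rule on `org.freedesktop.systemd1.Manager` is not restricted to a particular unit, since AppArmor dbus rules cannot match call arguments, so logrotate may signal any unit rather than only the log daemons its postrotate scripts reload. A comment on the rule stating the trigger, e.g. `# postrotate scripts: systemctl kill -s HUP <service>` (placeholder), tells the next reader that this breadth is understood rather than accidental. The `peer=(name=org.freedesktop.systemd1, label="@{p_systemd}")` constraint on the last `+` line is the right bound on the recipient.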
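Review bot: The retargeted link rule `rwl -> /var/tmp/mkinitramfs_@{rand6}/**` narrows the old `mkinitramfs_*/**` target only from any suffix to six random characters: AppArmor does not bind the two `@{rand6}` expansions to the same value, so hard links from one mkinitramfs temp directory into another remain permitted. If cross-directory links are not needed this is still as tight as a glob can express, so a comment such as `# link target is not tied to the same temp dir (globs expand independently)` keeps the rule from being read as a stronger guarantee than it is.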
@@ -28,6 +28,7 @@
 @{p_snap}=snap
 @{p_systemd_logind}=systemd-logind
 @{p_xdg_desktop_portal}=xdg-desktop-portal
-
+@{p_gsd_media_keys}=gsd-media-keys
+@{p_rtkit_daemon}=rtkit-daemon
 # vim:syntax=apparmor
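Review bot: `@{p_gsd_media_keys}` and `@{p_rtkit_daemon}` are appended after `@{p_xdg_desktop_portal}`, breaking the alphabetical order the visible neighbours (`p_snap`, `p_systemd_logind`, `p_xdg_desktop_portal`) follow. Placing each at its sorted position keeps the list easy to scan for duplicates and for missing label variables when profiles reference them with `peer=@{p_...}`.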