Package: lightdm / 1.10.3-3

02_fix-apparmor-profile.patch Patch series | download
--- a/data/apparmor/abstractions/lightdm
+++ b/data/apparmor/abstractions/lightdm
@@ -11,7 +11,6 @@
   #include <abstractions/cups-client>
   #include <abstractions/dbus>
   #include <abstractions/dbus-session>
-  #include <abstractions/dbus-accessibility>
   #include <abstractions/nameservice>
   #include <abstractions/wutmp>
   /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
@@ -74,10 +73,11 @@
   capability ipc_lock,
 
   # allow processes in the guest session to signal and ptrace each other
-  signal peer=@{profile_name},
-  ptrace peer=@{profile_name},
-  # needed when logging out of the guest session
-  signal (receive) peer=unconfined,
+  # this doesn't work with the current Debian apparmor
+  #signal peer=@{profile_name},
+  #ptrace peer=@{profile_name},
+  ## needed when logging out of the guest session
+  #signal (receive) peer=unconfined,
 
   # silence warnings for stuff that we really don't want to grant
   deny capability dac_override,
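Review bot: The rules from `#signal peer=@{profile_name},` through `#signal (receive) peer=unconfined,` are disabled unconditionally, and the only explanation, "this doesn't work with the current Debian apparmor", names no parser version or bug. Once the packaged parser and kernel do mediate signal and ptrace, a profile without these rules would presumably deny guest-session processes signalling each other and the signal needed at logout. The comment should state when to restore them, e.g. `# re-enable once apparmor_parser accepts signal/ptrace rules (see <bug reference>)`. The profile body starts and ends outside this hunk.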
--- a/data/apparmor/abstractions/lightdm_chromium-browser
+++ b/data/apparmor/abstractions/lightdm_chromium-browser
@@ -8,6 +8,7 @@
 # provided in abstractions/lightdm, this abstraction must be separate from
 # abstractions/lightdm.
 
+  /usr/lib/chromium/chromium Cx -> chromium,
   /usr/lib/chromium-browser/chromium-browser Cx -> chromium,
   /usr/bin/webapp-container Cx -> chromium,
   /usr/bin/webbrowser-app Cx -> chromium,
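Review bot: The added `/usr/lib/chromium/chromium Cx -> chromium,` rule, and the matching `/usr/lib/chromium/chrome-sandbox ix,` in the later hunk of this file, have no comment saying that these are presumably the Debian package's install paths. As written they read like duplicates of the chromium-browser lines beside them. A one-line comment above each, such as `# path used by Debian's chromium package`, would make the distribution-specific intent clear. Because the sandbox helper is executed with `ix`, it inherits the chromium child profile, so it is worth confirming that the child profile (outside these hunks) grants this path what the existing sandbox entries rely on.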
@@ -53,6 +54,7 @@
 
     /selinux/ r,
 
+    /usr/lib/chromium/chrome-sandbox ix,
     /usr/lib/chromium-browser/chromium-browser-sandbox ix,
     /usr/lib/@{multiarch}/oxide-qt/chrome-sandbox ix,
     /opt/google/chrome-*/chrome-sandbox ix,