diff --git a/debian/control b/debian/control
index 0b9fe38..f7167c0 100644
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,7 @@ Build-Depends: bash-completion,
 graphviz,
 libapparmor-dev,
 libcap-dev,
+ libdbus-1-dev,
 libgnutls28-dev,
 libseccomp-dev (>= 2.4~),
 linux-libc-dev,
diff --git a/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch b/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
deleted file mode 100644
index 488393e..0000000
--- a/debian/patches/extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller
-Date: Mon, 27 Feb 2023 11:02:43 +0100
-Subject: [PATCH] apparmor: don't try to mmap empty files
-
-In case empty profile files linger somehow (eg. powerloss or
-oom killer etc. between creating and writing the file) we
-tried to use mmap() with a length of 0 which is invalid.
-Let's treat this as if it did not exist.
-
-Signed-off-by: Wolfgang Bumiller
----
- src/lxc/lsm/apparmor.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
-index 23af021aa..685d3b9ef 100644
---- a/src/lxc/lsm/apparmor.c
-+++ b/src/lxc/lsm/apparmor.c
-@@ -973,12 +973,14 @@ static int load_apparmor_profile(struct lsm_ops *ops, struct lxc_conf *conf, con
- goto out;
- }
- old_len = profile_sb.st_size;
-- old_content = lxc_strmmap(NULL, old_len, PROT_READ,
-- MAP_PRIVATE, profile_fd, 0);
-- if (old_content == MAP_FAILED) {
-- SYSERROR("Failed to mmap old profile from %s",
-- profile_path);
-- goto out;
-+ if (old_len) {
-+ old_content = lxc_strmmap(NULL, old_len, PROT_READ,
-+ MAP_PRIVATE, profile_fd, 0);
-+ if (old_content == MAP_FAILED) {
-+ SYSERROR("Failed to mmap old profile from %s",
-+ profile_path);
-+ goto out;
-+ }
- }
- } else if (errno != ENOENT) {
- SYSERROR("Error reading old profile from %s", profile_path);
---
-2.30.2
-
diff --git a/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch b/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
index d0255cd..65eb7bc 100644
--- a/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
+++ b/debian/patches/pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
@@ -1,7 +1,7 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 9 Nov 2016 09:14:26 +0100 -Subject: [PATCH 2/3] PVE: [Config] deny rw mounting of /sys and /proc +Subject: [PATCH 1/2] PVE: [Config] deny rw mounting of /sys and /proc Note that we don't actually make use of this anymore, since we switched to the generated profiles which already do this. @@ -65,5 +65,5 @@ index 2606fb64c..3e61c62ea 100644 # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. # mount options=(rw,make-slave) -> **, -- -2.30.2 +2.39.2 diff --git a/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch b/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch index 26f5162..457751b 100644 --- a/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch +++ b/debian/patches/pve/0002-PVE-Config-attach-always-use-getent.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 13 Aug 2019 13:57:22 +0200 -Subject: [PATCH 3/3] PVE: [Config] attach: always use getent +Subject: [PATCH 2/2] PVE: [Config] attach: always use getent In debian buster, some libnss plugins (if installed) can cause getpwent to segfault instead of erroring out cleanly. @@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/src/lxc/attach.c b/src/lxc/attach.c -index f086e96c4..9969f2d8e 100644 +index 8f2f7a37c..a8684808c 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c @@ -1843,45 +1843,21 @@ int lxc_attach_run_command(void *payload) @@ -74,5 +74,5 @@ index f086e96c4..9969f2d8e 100644 return -1; } -- -2.30.2 +2.39.2 diff --git a/debian/patches/series b/debian/patches/series index 38251d7..344756a 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,3 +1,2 @@
-extra/0001-apparmor-don-t-try-to-mmap-empty-files.patch
 pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0002-PVE-Config-attach-always-use-getent.patch
diff --git a/lxc b/lxc
index d571736..3dee5fb 160000
--- a/lxc
+++ b/lxc
@@ -1 +1 @@
-Subproject commit d571736812b89e195bee69b900fe09115a1e7e00
+Subproject commit 3dee5fb88c6f77496dbcab46f31bcd891c9ee4e0