diff --git a/Dockerfile b/Dockerfile
index 8ea43c1..b98e6aa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-selkies:debianbookworm
+FROM ghcr.io/linuxserver/baseimage-selkies:debiantrixie
 
 # set version label
 ARG BUILD_DATE
@@ -52,6 +52,6 @@ RUN \
 COPY /root /
 
 # ports and volumes
-EXPOSE 3000
+EXPOSE 3001
 
 VOLUME /config
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 2e14e46..14371f2 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-selkies:arm64v8-debianbookworm
+FROM ghcr.io/linuxserver/baseimage-selkies:arm64v8-debiantrixie
 
 # set version label
 ARG BUILD_DATE
@@ -52,6 +52,6 @@ RUN \
 COPY /root /
 
 # ports and volumes
-EXPOSE 3000
+EXPOSE 3001
 
 VOLUME /config
diff --git a/README.md b/README.md
index 1bcd81e..be227f9 100644
--- a/README.md
+++ b/README.md
@@ -222,8 +222,6 @@ services:
     container_name: vscodium
     cap_add:
       - IPC_LOCK
-    security_opt:
-      - seccomp:unconfined #optional
     environment:
       - PUID=1000
       - PGID=1000
@@ -243,7 +241,6 @@ services:
 docker run -d \
   --name=vscodium \
   --cap-add=IPC_LOCK \
-  --security-opt seccomp=unconfined `#optional` \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=Etc/UTC \
@@ -268,7 +265,6 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-v /config` | Users home directory in the container, stores local files and settings |
 | `--shm-size=` | This is needed for electron applications to function properly. |
-| `--security-opt seccomp=unconfined` | For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. VSCodium runs in no-sandbox mode without it. |
 | `--cap-add=IPC_LOCK` | Required for keyring functionality. |
 
 ### Portainer notice
@@ -437,6 +433,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **22.09.25:** - Rebase to Debian Trixie.
 * **24.07.25:** - Swap from thunar to caja for filebrowser.
 * **12.07.25:** - Rebase to Selkies, HTTPS IS NOW REQUIRED.
 * **10.02.24:** - Update Readme with new env vars and ingest proper PWA icon.
diff --git a/readme-vars.yml b/readme-vars.yml
index bc9a6d0..db016ec 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -29,9 +29,6 @@ custom_params:
 cap_add_param: true
 cap_add_param_vars:
   - {cap_add_var: "IPC_LOCK", desc: "Required for keyring functionality."}
-opt_security_opt_param: true
-opt_security_opt_param_vars:
-  - {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. VSCodium runs in no-sandbox mode without it."}
 # Selkies blurb settings
 selkies_blurb: true
 show_nvidia: true
@@ -111,6 +108,7 @@ init_diagram: |
   "vscodium:latest" <- Base Images
 # changelog
 changelogs:
+  - {date: "22.09.25:", desc: "Rebase to Debian Trixie."}
   - {date: "24.07.25:", desc: "Swap from thunar to caja for filebrowser."}
   - {date: "12.07.25:", desc: "Rebase to Selkies, HTTPS IS NOW REQUIRED."}
   - {date: "10.02.24:", desc: "Update Readme with new env vars and ingest proper PWA icon."}
diff --git a/root/defaults/menu.xml b/root/defaults/menu.xml
index 16b6034..2e04702 100644
--- a/root/defaults/menu.xml
+++ b/root/defaults/menu.xml
@@ -4,6 +4,6 @@
 <item label="Terminal" icon="/usr/share/pixmaps/xterm-color_48x48.xpm"><action name="Execute"><command>/usr/bin/st</command></action></item>
 <item label="VSCodium" icon="/usr/share/pixmaps/vscodium.png"><action name="Execute"><command>/usr/bin/codium</command></action></item>
 <item label="Chromium" icon="/usr/share/icons/hicolor/48x48/apps/chromium.png"><action name="Execute"><command>/usr/bin/chromium</command></action></item>
-<item label="File Manager" icon="/usr/share/icons/Adwaita/48x48/legacy/system-file-manager.png"><action name="Execute"><command>/usr/bin/caja</command></action></item>
+<item label="File Manager" icon="/usr/share/icons/Adwaita/symbolic/legacy/system-file-manager-symbolic.svg"><action name="Execute"><command>/usr/bin/caja</command></action></item>
 </menu>
 </openbox_menu>
diff --git a/root/usr/bin/chromium b/root/usr/bin/chromium
index a87c1e1..4af2c92 100755
--- a/root/usr/bin/chromium
+++ b/root/usr/bin/chromium
@@ -7,9 +7,4 @@ if ! pgrep chromium > /dev/null;then
   rm -f $HOME/.config/chromium/Singleton*
 fi
 
-# Run normally on privved containers or modified un non priv
-if grep -q 'Seccomp:.0' /proc/1/status; then  
-  ${BIN} --password-store=basic "$@"
-else
-  ${BIN} --password-store=basic --no-sandbox --test-type "$@"
-fi
+${BIN} --password-store=basic --no-sandbox --test-type "$@"
diff --git a/root/usr/bin/codium b/root/usr/bin/codium
index 05b6786..1a093a3 100755
--- a/root/usr/bin/codium
+++ b/root/usr/bin/codium
@@ -2,12 +2,6 @@
 
 BIN=/usr/share/codium/bin/codium
 
-# Run normally on privved containers or modified un non priv
-if grep -q 'Seccomp:.0' /proc/1/status; then
-  dbus-launch ${BIN} \
-   "$@"
-else
-  dbus-launch ${BIN} \
+dbus-launch ${BIN} \
   --no-sandbox \
    "$@"
-fi