diff --git a/Dockerfile b/Dockerfile
index 819c9bf..d8cbd61 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,16 +34,17 @@ RUN \
 containerd.io \
 docker-ce \
 docker-ce-cli \
- drm-info \
 e2fsprogs \
 fuse-overlayfs \
 g++ \
 gcc \
+ iproute2 \
 iptables \
 jq \
 lsof \
 make \
 nodejs \
+ nvidia-container-toolkit \
 nvidia-docker2 \
 openssl \
 pigz \
@@ -92,7 +93,7 @@ RUN \
 ALVERSION=$(cat /kasm_release/conf/database/seed_data/default_properties.yaml |awk '/alembic_version/ {print $2}') && \
 curl -o \
 /tmp/images.tar.gz -L \
- "https://kasm-ci.s3.amazonaws.com/1.15.0-images-combined.tar.gz" && \
+ "https://kasm-ci.s3.amazonaws.com/1.16.0-images-combined.tar.gz" && \
 tar xf \
 /tmp/images.tar.gz -C \
 / && \
@@ -101,6 +102,9 @@ RUN \
 /kasm_release/conf/database/seed_data/default_images_a* && \
 sed -i 's/-N -e -H/-N -B -e -H/g' /kasm_release/upgrade.sh && \
 echo "exit 0" > /kasm_release/install_dependencies.sh && \
+ /kasm_release/bin/utils/yq_$(uname -m) -i \
+ '.services.proxy.volumes += "/kasm_release/www/img/thumbnails:/srv/www/img/thumbnails"' \
+ /kasm_release/docker/docker-compose-all.yaml && \
 echo "**** copy assets ****" && \
 cp \
 /kasm_release/www/img/thumbnails/*.png /kasm_release/www/img/thumbnails/*.svg \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 2204b4a..36dd94f 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -34,16 +34,17 @@ RUN \
 containerd.io \
 docker-ce \
 docker-ce-cli \
- drm-info \
 e2fsprogs \
 fuse-overlayfs \
 g++ \
 gcc \
+ iproute2 \
 iptables \
 jq \
 lsof \
 make \
 nodejs \
+ nvidia-container-toolkit \
 nvidia-docker2 \
 openssl \
 pigz \
@@ -92,7 +93,7 @@ RUN \
 ALVERSION=$(cat /kasm_release/conf/database/seed_data/default_properties.yaml |awk '/alembic_version/ {print $2}') && \
 curl -o \
 /tmp/images.tar.gz -L \
- "https://kasm-ci.s3.amazonaws.com/1.15.0-images-combined.tar.gz" && \
+ "https://kasm-ci.s3.amazonaws.com/1.16.0-images-combined.tar.gz" && \
 tar xf \
 /tmp/images.tar.gz -C \
 / && \
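Review bot: The bind mount appended to `.services.proxy.volumes` in the Dockerfile hunk at -101,6 carries no mode suffix, so the proxy service receives the thumbnails directory read-write. If the proxy only serves these files (nothing in the hunk shows it writing there), the entry should end in `:ro`: `'.services.proxy.volumes += "/kasm_release/www/img/thumbnails:/srv/www/img/thumbnails:ro"'`. The identical line is added in the matching hunk of Dockerfile.aarch64. The enclosing RUN step starts and ends outside the hunk; a one-line comment above the yq call saying why the shipped compose file is patched at build time would help whoever does the next release bump.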
@@ -101,6 +102,9 @@ RUN \ /kasm_release/conf/database/seed_data/default_images_a* && \ sed -i 's/-N -e -H/-N -B -e -H/g' /kasm_release/upgrade.sh && \ echo "exit 0" > /kasm_release/install_dependencies.sh && \ + /kasm_release/bin/utils/yq_$(uname -m) -i \ + '.services.proxy.volumes += "/kasm_release/www/img/thumbnails:/srv/www/img/thumbnails"' \ + /kasm_release/docker/docker-compose-all.yaml && \ echo "**** copy assets ****" && \ cp \ /kasm_release/www/img/thumbnails/*.png /kasm_release/www/img/thumbnails/*.svg \ diff --git a/README.md b/README.md index d94cd0c..99706ee 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,8 @@ services: image: lscr.io/linuxserver/kasm:latest container_name: kasm privileged: true + security_opt: + - apparmor:rootlesskit #optional environment: - KASM_PORT=443 - DOCKER_HUB_USERNAME=USER #optional @@ -139,6 +141,7 @@ services: docker run -d \ --name=kasm \ --privileged \ + --security-opt apparmor=rootlesskit `#optional` \ -e KASM_PORT=443 \ -e DOCKER_HUB_USERNAME=USER `#optional` \ -e DOCKER_HUB_PASSWORD=PASS `#optional` \ @@ -169,6 +172,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-v /profiles` | Optionally specify a path for persistent profile storage. | | `-v /dev/input` | Optional for gamepad support. | | `-v /run/udev/data` | Optional for gamepad support. | +| `--security-opt apparmor=rootlesskit` | Some hosts require this on top of privileged for namespacing to work properly inside the DinD layer. | ## Environment variables from files (Docker secrets) @@ -313,6 +317,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **17.09.24:** - Update base image for 1.16.0 release and fix Nvidia support. * **16.02.24:** - Update base image for 1.15.0 release. * **22.08.23:** - Update base image for 1.14.0 release. * **07.04.23:** - Add mod layer for ingesting LSIO images for 1.13.0 release. 
diff --git a/readme-vars.yml b/readme-vars.yml index d995bf6..ed45a03 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -60,6 +60,10 @@ opt_param_volumes: - { vol_path: "/dev/input", vol_host_path: "/dev/input", desc: "Optional for gamepad support." } - { vol_path: "/run/udev/data", vol_host_path: "/run/udev/data", desc: "Optional for gamepad support." } +opt_security_opt_param: true +opt_security_opt_param_vars: + - { run_var: "apparmor=rootlesskit", compose_var: "apparmor:rootlesskit", desc: "Some hosts require this on top of privileged for namespacing to work properly inside the DinD layer." } + opt_param_usage_include_ports: false opt_param_ports: [] @@ -112,6 +116,7 @@ app_setup_block: | # changelog changelogs: + - { date: "17.09.24:", desc: "Update base image for 1.16.0 release and fix Nvidia support." } - { date: "16.02.24:", desc: "Update base image for 1.15.0 release." } - { date: "22.08.23:", desc: "Update base image for 1.14.0 release." } - { date: "07.04.23:", desc: "Add mod layer for ingesting LSIO images for 1.13.0 release." } diff --git a/root/etc/docker/daemon.json b/root/etc/docker/daemon.json new file mode 100644 index 0000000..c561d62 --- /dev/null +++ b/root/etc/docker/daemon.json @@ -0,0 +1,8 @@ +{ + "runtimes": { + "nvidia": { + "args": [], + "path": "nvidia-container-runtime" + } + } +} diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-kasm/run b/root/etc/s6-overlay/s6-rc.d/init-config-kasm/run index 8874fb8..f696272 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-config-kasm/run +++ b/root/etc/s6-overlay/s6-rc.d/init-config-kasm/run 
@@ -18,3 +18,11 @@ if [ ! -f "/opt/kasm/certs/kasm_wizard.crt" ]; then
 -out /opt/kasm/certs/kasm_wizard.crt \
 -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=$(hostname)/emailAddress=none@none.none"
 fi
+
+# Create plugin directory
+if [ ! -L "/var/lib/docker-plugins" ]; then
+ mkdir -p /opt/docker-plugins
+ ln -s /opt/docker-plugins /var/lib/docker-plugins
+ mkdir -p /var/lib/docker-plugins/rclone/config
+ mkdir -p /var/lib/docker-plugins/rclone/cache
+fi
diff --git a/root/gpuinfo.sh b/root/gpuinfo.sh
index 984df4e..234731e 100755
--- a/root/gpuinfo.sh
+++ b/root/gpuinfo.sh
@@ -1,2 +1,28 @@
 #! /bin/bash
-drm_info -j 2>/dev/null| jq -c 'with_entries(.value |= .driver.desc)'
+
+# Get list of drm devices
+IFS=$'\n'
+CARDS=$(ls -la /sys/class/drm/renderD*/device/driver 2>/dev/null | awk '{print $11}' | awk -F/ '{print $NF}')
+if [ -z "$CARDS" ]; then
+ echo '{}'
+ exit 0
+fi
+for CARD in ${CARDS}; do
+ LAST_CARD=${CARD}
+done
+
+# Add them to the json string
+JSON='{'
+COUNTER=0
+for CARD in $CARDS; do
+ JSON="${JSON}\"/dev/dri/card$COUNTER\":\"${CARD^^}\""
+ if [ ${CARD} == ${LAST_CARD} ]; then
+ JSON="${JSON}}"
+ else
+ JSON="${JSON},"
+ fi
+ COUNTER=$(( COUNTER + 1 ))
+done
+
+# Print json string
+echo $JSON
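Review bot: The `[ ! -L "/var/lib/docker-plugins" ]` test in init-config-kasm/run is also true when that path already exists as a real directory, and `ln -s` then creates the link inside it (`/var/lib/docker-plugins/docker-plugins`), so the rclone directories end up in the container layer instead of under /opt. The two rclone `mkdir -p` calls are also inside the conditional, so they are skipped whenever the link is already present even if the target directories are missing. Creating the directories on the /opt side unconditionally and handling the real-directory case explicitly avoids both. The script's earlier lines are outside the hunk.

```shell
# Create plugin directory
mkdir -p /opt/docker-plugins/rclone/config /opt/docker-plugins/rclone/cache
if [ ! -L "/var/lib/docker-plugins" ]; then
  if [ -d "/var/lib/docker-plugins" ]; then
    # A real directory here would make ln place the link inside it
    echo "/var/lib/docker-plugins exists and is not a symlink, not linking" >&2
  else
    ln -s /opt/docker-plugins /var/lib/docker-plugins
  fi
fi
```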
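Review bot: The closing brace in gpuinfo.sh is chosen by comparing driver names, `[ ${CARD} == ${LAST_CARD} ]`, so two render nodes bound to the same driver close the object after the first entry and the script prints invalid JSON. The driver list is also taken from the eleventh column of `ls -la`, which depends on the ls output format, and the unquoted `${CARD}` and `$JSON` expansions only behave because IFS was changed above. Resolving each link with `readlink` and appending the brace once after the loop removes all three problems and also covers the no-device case without the early exit. The sketch keeps the counter-based `/dev/dri/cardN` numbering, which assumes render nodes and card nodes enumerate in the same order; that is worth confirming on a multi-GPU host.

```shell
#! /bin/bash

# Resolve each render node's driver link directly instead of parsing ls output
JSON='{'
SEP=''
COUNTER=0
for LINK in /sys/class/drm/renderD*/device/driver; do
  # An unmatched glob stays literal; skip it so the result is '{}'
  [ -e "$LINK" ] || continue
  DRIVER=$(basename "$(readlink -f "$LINK")")
  JSON="${JSON}${SEP}\"/dev/dri/card${COUNTER}\":\"${DRIVER^^}\""
  SEP=','
  COUNTER=$(( COUNTER + 1 ))
done

# The brace is appended exactly once, regardless of duplicate driver names
printf '%s\n' "${JSON}}"
```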