diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
index 76086eb1..3dd894a7 100644
--- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
+++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
@@ -1,54 +1,60 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}lib/@{multiarch}/libexec/polkit-kde-authentication-agent-[0-9]
+@{exec_path} = /{usr/,}lib{,exec}/@{multiarch}/polkit-kde-authentication-agent-[0-9]
+@{exec_path} += /{usr/,}lib{,exec}/polkit-kde-authentication-agent-[0-9]
 profile polkit-kde-authentication-agent @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
-  include <abstractions/X>
-  include <abstractions/gtk>
-  include <abstractions/fonts>
+  include <abstractions/dri-enumerate>
   include <abstractions/fontconfig-cache-read>
+  include <abstractions/fonts>
   include <abstractions/freedesktop.org>
+  include <abstractions/gtk>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
   include <abstractions/qt5-compose-cache-write>
   include <abstractions/wayland>
-  include <abstractions/dri-enumerate>
-  include <abstractions/nameservice-strict>
-  include <abstractions/mesa>
+  include <abstractions/X>
 
   signal (send) set=(term, kill) peer=polkit-agent-helper,
 
   @{exec_path} mr,
 
   /{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
-
   /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
 
-  @{PROC}/@{pid}/cmdline r,
-  @{PROC}/@{pid}/cgroup r,
-  @{PROC}/@{pid}/fd/ r,
-  @{PROC}/sys/kernel/core_pattern r,
+  /usr/share/hwdata/pnp.ids r,
+  /usr/share/qt/translations/*.qm r,
+  /usr/share/qt5ct/** r,
 
   /var/lib/dbus/machine-id r,
   /etc/machine-id r,
 
-  owner @{user_config_dirs}/qt5ct/{,**} r,
-  /usr/share/qt5ct/** r,
-
-  /usr/share/hwdata/pnp.ids r,
-
-  owner @{user_config_dirs}/kdeglobals r,
   owner @{user_cache_dirs}/icon-cache.kcache rw,
 
-  /dev/shm/#[0-9]*[0-9] rw,
+  owner @{user_config_dirs}/kdedefaults/* r,
+  owner @{user_config_dirs}/kdeglobals r,
+  owner @{user_config_dirs}/kwinrc r,
+  owner @{user_config_dirs}/qt5ct/{,**} r,
 
   owner /tmp/#[0-9]*[0-9] rw,
   owner /tmp/polkit-kde-authentication-agent-[0-9].* rwl -> /tmp/#[0-9]*[0-9],
 
+  @{run}/systemd/users/@{uid} r,
+
+  @{PROC}/@{pid}/cgroup r,
+  @{PROC}/@{pid}/cmdline r,
+  @{PROC}/@{pid}/fd/ r,
+  @{PROC}/sys/kernel/core_pattern r,
+
+  /dev/shm/#[0-9]*[0-9] rw,
+
   include if exists <local/polkit-kde-authentication-agent>
 }
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 9a0f6ee1..fcb234d1 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -174,6 +174,7 @@ pkttyagent complain
 plymouth complain
 plymouth-set-default-theme attach_disconnected,complain
 plymouthd complain
+polkit-kde-authentication-agent complain
 power-profiles-daemon attach_disconnected,complain
 qemu-ga complain
 remmina complain