diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict
index d4fd4970..e05ad466 100644
--- a/apparmor.d/abstractions/kde-strict
+++ b/apparmor.d/abstractions/kde-strict
@@ -14,6 +14,7 @@
 
   /usr/share/hwdata/pnp.ids r,
   /usr/share/icu/@{int}.@{int}/*.dat r,
+  /usr/share/desktop-base/kf{5,6}-settings/kdeglobals r,
 
   /etc/xdg/kcminputrc r,
   /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
index f5cbac88..98c13948 100644
--- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
+++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/@{multiarch}/polkit-kde-authentication-agent-[0-9]
+@{exec_path}  = @{lib}/@{multiarch}/{,libexec/}polkit-kde-authentication-agent-[0-9]
 @{exec_path} += @{lib}/polkit-kde-authentication-agent-[0-9]
 profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
index 9008bf76..019e6d0b 100644
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/xdg-desktop-portal-kde
+@{exec_path}  = @{lib}/xdg-desktop-portal-kde
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}xdg-desktop-portal-kde
 profile xdg-desktop-portal-kde @{exec_path} {
   include <abstractions/base>
   include <abstractions/kde-strict>
diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier
index a8dbfab0..6067bd9e 100644
--- a/apparmor.d/groups/kde/DiscoverNotifier
+++ b/apparmor.d/groups/kde/DiscoverNotifier
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/DiscoverNotifier
+@{exec_path}  = @{lib}/DiscoverNotifier
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier
 profile DiscoverNotifier @{exec_path} {
   include <abstractions/base>
   include <abstractions/graphics>
@@ -19,6 +20,8 @@ profile DiscoverNotifier @{exec_path} {
 
   @{exec_path} mr,
 
+  @{bin}/apt-config rPx,
+
   /usr/share/metainfo/{,**} r,
 
   /etc/flatpak/remotes.d/ r,
diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo
index 28efb9f5..64fb694f 100644
--- a/apparmor.d/groups/kde/baloo
+++ b/apparmor.d/groups/kde/baloo
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
  
-@{exec_path} = @{bin}/baloo_file @{lib}/{,kf6/}baloo_file
+@{exec_path}  = @{bin}/baloo_file @{lib}/{,kf6/}baloo_file
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}baloo_file
 profile baloo @{exec_path} {
   include <abstractions/base>
   include <abstractions/deny-sensitive-home>
diff --git a/apparmor.d/groups/kde/baloorunner b/apparmor.d/groups/kde/baloorunner
index 3cee9a11..54282725 100644
--- a/apparmor.d/groups/kde/baloorunner
+++ b/apparmor.d/groups/kde/baloorunner
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/baloorunner
+@{exec_path}  = @{lib}/baloorunner
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}baloorunner
 profile baloorunner @{exec_path} {
   include <abstractions/base>
   include <abstractions/graphics>
diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi
index a3e9a81e..cab7f48c 100644
--- a/apparmor.d/groups/kde/drkonqi
+++ b/apparmor.d/groups/kde/drkonqi
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/drkonqi
+@{exec_path}  = @{lib}/drkonqi
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi
 profile drkonqi @{exec_path} {
   include <abstractions/base>
   include <abstractions/kde-strict>
diff --git a/apparmor.d/groups/kde/drkonqi-coredump-cleanup b/apparmor.d/groups/kde/drkonqi-coredump-cleanup
index 054a68c7..bdc6a422 100644
--- a/apparmor.d/groups/kde/drkonqi-coredump-cleanup
+++ b/apparmor.d/groups/kde/drkonqi-coredump-cleanup
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/drkonqi-coredump-cleanup
+@{exec_path}  = @{lib}/drkonqi-coredump-cleanup
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi-coredump-cleanup
 profile drkonqi-coredump-cleanup @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/kde/drkonqi-coredump-processor b/apparmor.d/groups/kde/drkonqi-coredump-processor
index 14e74bdc..17ae76f4 100644
--- a/apparmor.d/groups/kde/drkonqi-coredump-processor
+++ b/apparmor.d/groups/kde/drkonqi-coredump-processor
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/drkonqi-coredump-processor
+@{exec_path}  = @{lib}/drkonqi-coredump-processor
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi-coredump-processor
 profile drkonqi-coredump-processor @{exec_path} {
   include <abstractions/base>
   include <abstractions/qt5>
diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd
index 33628b07..ea420285 100644
--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kactivitymanagerd
+@{exec_path}  =  @{lib}/kactivitymanagerd
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kactivitymanagerd
 profile kactivitymanagerd @{exec_path} {
   include <abstractions/base>
   include <abstractions/graphics>
diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update
index cd5e84f0..0d12ba6c 100644
--- a/apparmor.d/groups/kde/kconf_update
+++ b/apparmor.d/groups/kde/kconf_update
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kf{5,6}/kconf_update @{lib}/{,@{multiarch}/}libexec/kf{5,6}/kconf_update
+@{exec_path}  = @{lib}/kf{5,6}/kconf_update
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kconf_update
 profile kconf_update @{exec_path} {
   include <abstractions/base>
   include <abstractions/dconf-write>
@@ -27,17 +28,21 @@ profile kconf_update @{exec_path} {
   @{bin}/qtpaths                         rix,
   @{bin}/sed                             rix,
 
+  @{bin}/qtchooser                       rPx,
   @{lib}/kconf_update_bin/*              rix,
+  @{lib}/@{multiarch}/kconf_update_bin/* rix,
   /usr/share/kconf_update/*.py           rix,
   /usr/share/kconf_update/*.sh           rix,
 
   /usr/share/kconf_update/{,**} r,
   /usr/share/kglobalaccel/org.kde.krunner.desktop r,
 
-  /etc/machine-id r,
   /etc/xdg/konsolerc r,
   /etc/xdg/ui/ui_standards.rc r,
 
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
+
   owner @{user_cache_dirs}/icon-cache.kcache rw,
 
   owner @{user_config_dirs}/#@{int} rw,
diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil
index b287fda5..faf9146a 100644
--- a/apparmor.d/groups/kde/kde-powerdevil
+++ b/apparmor.d/groups/kde/kde-powerdevil
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/org_kde_powerdevil
+@{exec_path}  = @{lib}/org_kde_powerdevil
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}org_kde_powerdevil
 profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) {
   include <abstractions/base>
   include <abstractions/fontconfig-cache-read>
diff --git a/apparmor.d/groups/kde/kde-systemd-start-condition b/apparmor.d/groups/kde/kde-systemd-start-condition
index ad91d990..134f62d1 100644
--- a/apparmor.d/groups/kde/kde-systemd-start-condition
+++ b/apparmor.d/groups/kde/kde-systemd-start-condition
@@ -13,6 +13,7 @@ profile kde-systemd-start-condition @{exec_path} {
   @{exec_path} mr,
 
   /etc/xdg/baloofilerc r,
+  /usr/share/desktop-base/kf{5,6}-settings/baloofilerc r,
 
   owner @{user_config_dirs}/baloofilerc r,
   owner @{user_config_dirs}/plasma-welcomerc r,
diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded
index ca808d84..bd8e9f03 100644
--- a/apparmor.d/groups/kde/kded
+++ b/apparmor.d/groups/kde/kded
@@ -81,13 +81,15 @@ profile kded @{exec_path} {
   /usr/share/kservicetypes5/{,**} r,
 
   /etc/fstab r,
-  /etc/machine-id r,
   /etc/xdg/accept-languages.codes r,
   /etc/xdg/kcminputrc r,
   /etc/xdg/kde* r,
   /etc/xdg/kioslaverc r,
   /etc/xdg/menus/{,**} r,
 
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
+
   owner @{HOME}/.gtkrc-2.0 rw,
 
         @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int},
diff --git a/apparmor.d/groups/kde/kio_http_cache_cleaner b/apparmor.d/groups/kde/kio_http_cache_cleaner
index a39d6716..f944ee5a 100644
--- a/apparmor.d/groups/kde/kio_http_cache_cleaner
+++ b/apparmor.d/groups/kde/kio_http_cache_cleaner
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kf{5,6}/kio_http_cache_cleaner
+@{exec_path}  = @{lib}/kf{5,6}/kio_http_cache_cleaner
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kio_http_cache_cleaner
 profile kio_http_cache_cleaner @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/kde/kiod b/apparmor.d/groups/kde/kiod
index 13ad20f2..4df8aed1 100644
--- a/apparmor.d/groups/kde/kiod
+++ b/apparmor.d/groups/kde/kiod
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kf{5,6}/kiod{5,6}
+@{exec_path}  = @{lib}/kf{5,6}/kiod{5,6}
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kiod{5,6}
 profile kiod @{exec_path} {
   include <abstractions/base>
   include <abstractions/graphics>
diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher
index 8ad64af7..5c582e80 100644
--- a/apparmor.d/groups/kde/kscreen_backend_launcher
+++ b/apparmor.d/groups/kde/kscreen_backend_launcher
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kf{5,6}/kscreen_backend_launcher
+@{exec_path}  = @{lib}/kf{5,6}/kscreen_backend_launcher
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kscreen_backend_launcher
 profile kscreen_backend_launcher @{exec_path} {
   include <abstractions/base>
   include <abstractions/kde-strict>
diff --git a/apparmor.d/groups/kde/kscreen_osd_service b/apparmor.d/groups/kde/kscreen_osd_service
index 66ad1d94..7d1fcf4c 100644
--- a/apparmor.d/groups/kde/kscreen_osd_service
+++ b/apparmor.d/groups/kde/kscreen_osd_service
@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kscreen_osd_service
+@{exec_path}  = @{lib}/kscreen_osd_service
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kscreen_osd_service
 profile kscreen_osd_service @{exec_path} {
   include <abstractions/base>
   include <abstractions/graphics>
diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet
index 875eccf1..c96cb563 100644
--- a/apparmor.d/groups/kde/kscreenlocker-greet
+++ b/apparmor.d/groups/kde/kscreenlocker-greet
@@ -7,8 +7,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/kscreenlocker_greet
-@{exec_path} += @{lib}/@{multiarch}/libexec/kscreenlocker_greet
+@{exec_path}  = @{lib}/kscreenlocker_greet
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}kscreenlocker_greet
 profile kscreenlocker-greet @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>
diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver
index 1ecf6379..fbf45093 100644
--- a/apparmor.d/groups/kde/ksmserver
+++ b/apparmor.d/groups/kde/ksmserver
@@ -23,12 +23,13 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   @{bin}/rm rix,
 
-  @{lib}/@{multiarch}/libexec/DiscoverNotifier rPx,
-  @{lib}/@{multiarch}/libexec/kscreenlocker_greet rPx,
-  @{lib}/DiscoverNotifier rPUx, # TODO: rPx,
-  @{lib}/drkonqi rPx,
-  @{lib}/kscreenlocker_greet rPx,
-  @{lib}/thunderbird/thunderbird.sh rPx,
+  @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier  rPx,
+  @{lib}/@{multiarch}/libexec/DiscoverNotifier     rPx,
+  @{lib}/@{multiarch}/libexec/kscreenlocker_greet  rPx,
+  @{lib}/DiscoverNotifier                          rPx,
+  @{lib}/drkonqi                                   rPx,
+  @{lib}/kscreenlocker_greet                       rPx,
+  @{thunderbird_path}                              rPx,
 
   @{user_bin_dirs}/** rPUx,
 
diff --git a/apparmor.d/groups/kde/ksmserver-logout-greeter b/apparmor.d/groups/kde/ksmserver-logout-greeter
index b067603b..fa8bd0b9 100644
--- a/apparmor.d/groups/kde/ksmserver-logout-greeter
+++ b/apparmor.d/groups/kde/ksmserver-logout-greeter
@@ -1,26 +1,27 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2024 Jeroen Rijken
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/@{multiarch}/libexec/ksmserver-logout-greeter
+@{exec_path}  = @{bin}/ksmserver-logout-greeter
+@{exec_path} += @{lib}/@{multiarch}/{,libexec/}ksmserver-logout-greeter
 profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
-  include <abstractions/dri>
   include <abstractions/fontconfig-cache-read>
   include <abstractions/kde-icon-cache-write>
   include <abstractions/kde-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/qt5-shader-cache>
 
   @{exec_path} mr,
 
-  owner @{HOME}/ r,
+  @{lib}/os-release r,
 
   / r,
   /etc/machine-id r,
@@ -32,12 +33,13 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
   /var/lib/flatpak/exports/share/icons/{,**} r,
   /var/lib/flatpak/exports/share/mime/generic-icons r,
 
-  @{lib}/os-release r,
+  owner @{HOME}/ r,
 
   owner @{user_cache_dirs}/ r,
   owner @{user_cache_dirs}/#@{int} rwlk,
   owner @{user_cache_dirs}/kcrash-metadata/ r,
-  owner @{user_cache_dirs}/ksmserver-logout-greeter/qmlcache/{,*} r,
+  owner @{user_cache_dirs}/ksmserver-logout-greeter/ rw,
+  owner @{user_cache_dirs}/ksmserver-logout-greeter/** rwlk,
   owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
   owner @{user_cache_dirs}/plasma-svgelements rw,
   owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
@@ -50,15 +52,12 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
   owner @{user_config_dirs}/ksmserverrc r,
   owner @{user_config_dirs}/plasmarc r,
 
-  owner @{user_share_dirs}/icons/{**,} r,
-  owner @{user_share_dirs}/mime/generic-icons r,
-
-  owner @{PROC}/@{pid}/exe r,
-  owner @{PROC}/@{pid}/status r,
   owner @{run}/user/@{uid}/ r,
 
-  @{PROC}/sys/dev/i915/perf_stream_paranoid r,
-  @{PROC}/sys/kernel/core_pattern r,
+        @{PROC}/sys/dev/i915/perf_stream_paranoid r,
+        @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/exe r,
+  owner @{PROC}/@{pid}/status r,
 
   include if exists <local/ksmserver-logout-greeter>
 }
diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland
index 908deb23..1012d84d 100644
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@@ -31,6 +31,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   @{bin}/plasmashell          r,
   @{bin}/Xwayland             rPx,
   @{lib}/kscreenlocker_greet  rPx,
+  @{lib}/@{multiarch}/libexec/kscreenlocker_greet rPx,
   @{lib}/kwin_killer_helper   rix,
 
   /usr/share/color-schemes/*.colors r,
@@ -46,13 +47,15 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
   /usr/share/plasma/desktoptheme/** r,
   /usr/share/qt/translations/*.qm r,
 
-  /etc/machine-id r,
   /etc/pipewire/client.conf.d/ r,
   /etc/xdg/kscreenlockerrc r,
   /etc/xdg/menus/{,applications.menu} r,
   /etc/xdg/menus/applications-merged/ r,
   /etc/xdg/plasmarc r,
 
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
+
   owner @{sddm_cache_dirs}/#@{int} rwk,
   owner @{sddm_cache_dirs}/fontconfig/* rwk,
   owner @{sddm_cache_dirs}/fontconfig/*-le64.cache-@{int}.LCK l -> @{sddm_cache_dirs}/fontconfig/*-le64.cache-@{int}.TMP-@{rand6},
diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session
index 6e049e6e..19131388 100644
--- a/apparmor.d/groups/kde/plasma_session
+++ b/apparmor.d/groups/kde/plasma_session
@@ -29,7 +29,10 @@ profile plasma_session @{exec_path} {
   @{lib}/geoclue-2.0/demos/agent                         rPx,
   @{lib}/org_kde_powerdevil                              rPx,
   @{lib}/pam_kwallet_init                                rPx,
-  @{lib}/polkit-kde-authentication-agent-@{int}          rPx,
+  @{lib}/polkit-kde-authentication-agent-[0-9]           rPx,
+
+  @{lib}/@{multiarch}/{,libexec/}org_kde_powerdevil      rPx,
+  @{lib}/@{multiarch}/{,libexec/}polkit-kde-authentication-agent-[0-9] rPx,
 
   /usr/share/kservices{5,6}/{,**} r,
   /usr/share/knotifications{5,6}/{,**} r,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index ba82cad1..b1273610 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -68,6 +68,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 
   /usr/share/akonadi/firstrun/{,*} r,
   /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
+  /usr/share/desktop-base/{,**} r,
   /usr/share/desktop-directories/kf5-*.directory r,
   /usr/share/kf6/{,**} r,
   /usr/share/kio/servicemenus/{,*.desktop} r,
diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm
index a7d94520..1d956a49 100644
--- a/apparmor.d/groups/kde/sddm
+++ b/apparmor.d/groups/kde/sddm
@@ -65,6 +65,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   @{lib}/@{multiarch}/sddm/sddm-helper      rix,
   @{lib}/plasma-dbus-run-session-if-needed  rix,
+  @{lib}/@{multiarch}/libexec/plasma-dbus-run-session-if-needed  rix,
   @{lib}/sddm/sddm-helper                   rix,
   @{lib}/sddm/sddm-helper-start-wayland     rix,
   @{lib}/sddm/sddm-helper-start-x11user     rix,
@@ -99,6 +100,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   @{bin}/xrdb                 rPx,
   @{bin}/xset                 rPx,
   @{bin}/xsetroot             rPx,
+  @{etc_ro}/sddm/wayland-session rPx,
   @{etc_ro}/sddm/Xsession     rPx,
   @{etc_ro}/X11/xdm/Xsession  rPx,
 
diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter
index 8fad5ed7..682f1ab9 100644
--- a/apparmor.d/groups/kde/sddm-greeter
+++ b/apparmor.d/groups/kde/sddm-greeter
@@ -28,7 +28,7 @@ profile sddm-greeter @{exec_path} {
   @{lib}/libheif/ r,
   @{lib}/libheif/*.so* rm,
 
-  /usr/share/desktop-base/softwaves-theme/login/*.svg r,
+  /usr/share/desktop-base/*-theme/login/*.svg r,
   /usr/share/plasma/desktoptheme/** r,
   /usr/share/qt5ct/** r,
   /usr/share/sddm/{,**} r,
diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma
index 8ecb60f5..10036438 100644
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@@ -16,6 +16,9 @@ profile startplasma @{exec_path} {
 
   @{exec_path} mr,
 
+  @{sh_path}  rix,
+  @{bin}/env  rix,
+
   @{bin}/kapplymousetheme  rPUx,
   @{bin}/ksplashqml        rPUx,
   @{bin}/plasma_session     rPx,
@@ -32,6 +35,7 @@ profile startplasma @{exec_path} {
   /etc/machine-id r,
   /etc/xdg/kcminputrc r,
   /etc/xdg/menus/{,**} r,
+  /etc/xdg/plasma-workspace/env/{,**} r,
 
         @{user_cache_dirs}/ksycoca{5,6}_* rwkl -> @{user_cache_dirs}/#@{int},
   owner @{user_cache_dirs}/#@{int} rwk,
diff --git a/apparmor.d/groups/kde/wayland-session b/apparmor.d/groups/kde/wayland-session
new file mode 100644
index 00000000..64cca056
--- /dev/null
+++ b/apparmor.d/groups/kde/wayland-session
@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{etc_ro}/sddm/wayland-session
+profile wayland-session @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/bash-strict>
+
+  @{exec_path} mr,
+
+  @{sh_path}   rix,
+  @{bin}/id    rix,
+
+  @{lib}/plasma-dbus-run-session-if-needed  rix,
+  @{lib}/@{multiarch}/libexec/plasma-dbus-run-session-if-needed  rix,
+  @{bin}/startplasma-wayland rPx,
+
+  /etc/machine-id r,
+
+  owner @{user_share_dirs}/sddm/wayland-session.log rw,
+
+  include if exists <local/wayland-session>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession
index d1abd322..3d2c89f1 100644
--- a/apparmor.d/groups/kde/xdm-xsession
+++ b/apparmor.d/groups/kde/xdm-xsession
@@ -16,8 +16,9 @@ profile xdm-xsession @{exec_path} {
 
   @{exec_path} mr,
 
-  @{bin}/checkproc      rix,
   @{sh_path}                rix,
+
+  @{bin}/checkproc          rix,
   @{bin}/basename           rix,
   @{bin}/cat                rix,
   @{bin}/dirname            rix,
@@ -42,7 +43,7 @@ profile xdm-xsession @{exec_path} {
   @{bin}/xdg-user-dirs-update               rPx,
   @{bin}/xrdb                               rPx,
 
-  @{lib}/gnome-session-binary                rPx,
+  @{lib}/gnome-session-binary               rPx,
   @{bin}/gnome                              rix,
   @{bin}/gnome-session                      rix,
   @{bin}/gsettings                          rPx,
diff --git a/apparmor.d/profiles-m-r/qtchooser b/apparmor.d/profiles-m-r/qtchooser
index 27942a93..10749b88 100644
--- a/apparmor.d/profiles-m-r/qtchooser
+++ b/apparmor.d/profiles-m-r/qtchooser
@@ -13,8 +13,8 @@ profile qtchooser @{exec_path} flags=(complain) {
 
   @{exec_path} mr,
 
-  @{lib}/qt5/bin/qdbus rPUx,
-  @{lib}/qt5/bin/qmake rPUx,
+  @{lib}/qt{5,6}/bin/qdbus rPx,
+  @{lib}/qt{5,6}/bin/qmake rPUx,
 
   /usr/share/qtchooser/{,*.conf} r,