diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index e2f5e834..ef2c436e 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -77,13 +77,16 @@ profile kded5 @{exec_path} { owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl, owner @{user_config_dirs}/gtk-{3,4}/settings.ini.lock rk, owner @{user_config_dirs}/kcminputrc r, - owner @{user_config_dirs}/kconf_updaterc r, + owner @{user_config_dirs}/kconf_updaterc rw, + owner @{user_config_dirs}/kconf_updaterc.lock rwk, owner @{user_config_dirs}/kcookiejarrc r, owner @{user_config_dirs}/kdebugrc r, owner @{user_config_dirs}/kded5rc.lock rwk, owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kdedefaults/{,**} r, owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rw, + owner @{user_config_dirs}/khotkeysrc.@{rand6} l -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/khotkeysrc.lock rwk, owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/ktimezonedrc r, @@ -132,6 +135,8 @@ profile kded5 @{exec_path} { include include + capability sys_ptrace, + ptrace (read), @{bin}/pgrep mr, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 0d279606..e4447583 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -25,6 +25,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { include include include + include include include include 
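Review bot: The new `kconf_updaterc rw` rule in the first kded5 hunk covers only the final file, while every other writable KConfig file in this hunk (`kded5rc`, `kioslaverc`, and now `khotkeysrc`) also allows the `.@{rand6}` temporary and the link to `#@{int}`. If kded5 writes `kconf_updaterc` through the same temp-file-and-rename path, which the added `.lock rwk` rule suggests but does not prove, the write will still be denied. Confirm this against the audit log and, if so, use `owner @{user_config_dirs}/kconf_updaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},`. Separately, `khotkeysrc` is split into an `rw` rule and an `l ->` rule while its neighbours use a single `rwl ->` line; either form works, but picking one keeps the list easy to audit.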
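Review bot: The `capability sys_ptrace,` and `ptrace (read),` lines added above `@{bin}/pgrep mr,` in the second kded5 hunk have no peer restriction and no comment saying which denial they answer. An unqualified `ptrace (read),` lets this per-user daemon read the state of any process that DAC allows, and `sys_ptrace` is a broad capability for a profile that presumably runs unprivileged. If the audit log shows only read-type ptrace denials, drop the capability line and add a `peer=` qualifier naming the profiles actually inspected. Otherwise add a short comment such as `# needed for process lookup via /proc, see audit log` so the grant can be revisited later. The profile body continues outside this hunk, so an existing rule may already explain the need.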
@@ -102,7 +103,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_cache_dirs}/ksycoca5_* rl, owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw, owner @{user_cache_dirs}/plasma_theme_*.kcache rw, - owner @{user_cache_dirs}/plasma-svgelements.{,@{rand6}} rwlk -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwlk -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl, owner @{user_cache_dirs}/bookmarksrunner/ rw, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index abd0e1a6..b9d5f383 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -47,16 +47,19 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{lib}/@{multiarch}/sddm/sddm-helper rix, @{lib}/plasma-dbus-run-session-if-needed rix, @{lib}/sddm/sddm-helper rix, + @{lib}/sddm/sddm-helper-start-wayland rix, - @{bin}/{,ba,da}sh rix, - @{bin}/cat rix, - @{bin}/checkproc rix, - @{bin}/pidof rix, - @{bin}/tr rix, - @{bin}/tty rix, + @{bin}/{,ba,da}sh rix, + @{bin}/cat rix, + @{bin}/checkproc rix, + @{bin}/disable-paste rix, + @{bin}/pidof rix, + @{bin}/tr rix, + @{bin}/tty rix, @{bin}/xdm r, - @{bin}/xmodmap rix, + @{bin}/xmodmap rix, + @{bin}/kwin_wayland rPUx, @{bin}/sddm-greeter rPx, @{bin}/Xorg rPx, /etc/sddm/Xsession rPx, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index 0b86cf23..b180a1a3 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -13,6 +13,8 @@ profile startplasma @{exec_path} { include include + signal (receive) set=(term) peer=sddm, + @{exec_path} mr, @{bin}/kapplymousetheme rPUx, 
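Review bot: `@{bin}/kwin_wayland rPUx,` in the sddm hunk falls back to unconfined execution when no kwin_wayland profile is loaded, whereas the adjacent `sddm-greeter`, `Xorg` and `/etc/sddm/Xsession` transitions use `rPx` and fail closed. Because sddm is the display manager, an unconfined child started from it is an escape from the policy this file sets up. If the project ships a kwin_wayland profile, prefer `@{bin}/kwin_wayland rPx,`. If the fallback is deliberate, say so in a comment on that line, for example `# PUx: compositor profile is optional on some installs`.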
@@ -39,7 +41,7 @@ profile startplasma @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/kcrash-metadata/ rw, - owner @{user_cache_dirs}/ksycoca5_* rwkl, + owner @{user_cache_dirs}/ksycoca5* rwkl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/plasma-svgelements rw, owner @{user_config_dirs}/#@{int} rw, @@ -52,10 +54,11 @@ profile startplasma @{exec_path} { owner @{user_config_dirs}/ksplashrc r, owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, owner @{user_config_dirs}/menus/ r, - owner @{user_config_dirs}/menus/applications-merged/ r, + owner @{user_config_dirs}/menus/applications-merged/{,*.menu} r, owner @{user_config_dirs}/plasma-localerc rwl, owner @{user_config_dirs}/plasma-localerc.lock rwk, owner @{user_config_dirs}/plasma-workspace/env/ r, + owner @{user_config_dirs}/startkderc r, owner @{user_config_dirs}/Trolltech.conf rwl, owner @{user_config_dirs}/Trolltech.conf.lock rwk, owner @{user_share_dirs}/kservices5/{,**} r, @@ -72,6 +75,7 @@ profile startplasma @{exec_path} { @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, + /dev/tty@{int} rw, include if exists }
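Review bot: The rewritten cache rule in the first startplasma hunk on this line widens the glob from `ksycoca5_*` to `ksycoca5*` as well as adding the link target. The plasmashell profile in this same diff still uses `ksycoca5_*`, so the two profiles now disagree on which names count as the sycoca cache. If only the `-> @{user_cache_dirs}/#@{int}` target was needed, keep the underscore: `owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},`. If a file without the underscore was actually observed, a comment naming it would justify the broader pattern.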
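Review bot: `/dev/tty@{int} rw,` in the last startplasma hunk grants read and write on every virtual console, with no `owner` qualifier, next to the existing read-only `/dev/tty r,`. As written, only DAC permissions on the device nodes keep the session start-up script off other users' consoles. If the session's VT is chowned to the logged-in user on the supported setups (not visible from this hunk), `owner /dev/tty@{int} rw,` would tie the rule to that console. Otherwise add a comment recording which operation needs write access so the rule can be tightened later.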