diff --git a/apparmor.d/profiles-m-r/polkit-agent-helper b/apparmor.d/profiles-m-r/polkit-agent-helper
index 194209a5..96034257 100644
--- a/apparmor.d/profiles-m-r/polkit-agent-helper
+++ b/apparmor.d/profiles-m-r/polkit-agent-helper
@@ -1,6 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-#               2021 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2018-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -14,22 +14,19 @@ profile polkit-agent-helper @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/consoles>
 
+  capability audit_write,
+  capability dac_override,
+  capability net_admin,
+  capability setgid,
+  capability setuid,
+  capability sys_nice,
+
+  network netlink raw,
+
   signal (receive) set=(term, kill) peer=polkit-*-authentication-agent,
   signal (receive) set=(term, kill) peer=gnome-shell,
   signal (receive) set=(term, kill) peer=pkexec,
 
-  capability setgid,
-  capability setuid,
-
-  capability audit_write,
-
-  # Needed?
-  deny capability sys_nice,
-  capability dac_override,
-  capability net_admin,
-
-  network netlink raw,
-
   @{exec_path} mr,
 
   # file_inherit