diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete
index 95615ddc..d8b2f4a3 100644
--- a/apparmor.d/abstractions/mesa.d/complete
+++ b/apparmor.d/abstractions/mesa.d/complete
@@ -9,3 +9,11 @@
 /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/ rw,
 /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
 /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
+
+ # Extra Mesa rules for SDDM
+ /var/lib/sddm/.cache/ w,
+ /var/lib/sddm/.cache/mesa_shader_cache/ rw,
+ /var/lib/sddm/.cache/mesa_shader_cache/index rw,
+ /var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/ rw,
+ /var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
+ /var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete
index 982530f5..a3d22d09 100644
--- a/apparmor.d/abstractions/wayland.d/complete
+++ b/apparmor.d/abstractions/wayland.d/complete
@@ -4,3 +4,5 @@
 owner /dev/shm/sway* rw,
 owner /dev/shm/dunst-@{rand6} rw,
+
+ owner @{run}/user/@{uid}/wayland-@{int}.lock rk,
diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet
index 5fa882d8..d25229dd 100644
--- a/apparmor.d/groups/kde/kscreenlocker-greet
+++ b/apparmor.d/groups/kde/kscreenlocker-greet
@@ -27,6 +27,7 @@ profile kscreenlocker-greet @{exec_path} {
 signal (send) peer=kcheckpass,
 signal (receive) set=(usr1, term) peer=ksmserver,
+ signal (receive) set=(term) peer=kwin_wayland,
 @{exec_path} mr,
diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland
index 3e9b01c4..e0af933b 100644
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@@ -23,6 +23,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 ptrace (read),
+ signal (receive) set=term peer=sddm,
 signal (receive) set=(kill, term) peer=kwin_wayland_wrapper,
 signal (send) set=(kill, term) peer=xwayland,
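Review bot: The six new `/var/lib/sddm/.cache/...` rules in the mesa abstraction carry no `owner` qualifier, so every profile that includes this abstraction gains `w` on `/var/lib/sddm/.cache/` and `rw` on the SDDM user's shader cache regardless of the uid it runs as, whereas the kwin_wayland profile in this same commit keeps its own `/var/lib/sddm/.cache/` rules behind `owner`. The existing gdm lines just above have the same shape, so if dropping `owner` is deliberate for an abstraction, a one-line comment saying why (for example `# no owner: the cache is shared between the greeter and the compositor`) would stop the next reader from tightening it; otherwise prefixing the new lines with `owner` narrows them to processes running as the sddm user. If kwin_wayland pulls in this abstraction (not visible here), its read-only `owner /var/lib/sddm/.cache/mesa_shader_cache/** r,` rule becomes largely redundant with the abstraction's `rw` grant, which is worth noting in the profile.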
@@ -38,6 +39,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 /usr/share/kglobalaccel/{,**} r,
 /usr/share/knotifications5/ksmserver.notifyrc r,
 /usr/share/kservices5/{,**} r,
+ /usr/share/kservicetypes5/{,*.desktop} r,
 /usr/share/kwin/{,**} r,
 /usr/share/libinput/{,**} r,
 /usr/share/mime/ r,
@@ -46,21 +48,27 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 /usr/share/X11/xkb/{,**} r,
 /etc/machine-id r,
- /etc/xdg/menus/ r,
+ /etc/xdg/menus/{,applications.menu} r,
 /etc/pipewire/client.conf.d/ r,
 /usr/share/pipewire/client.conf r,
+
+ owner /var/lib/sddm/.cache/#@{int} rw,
+ owner /var/lib/sddm/.cache/fontconfig/* r,
 owner /var/lib/sddm/.cache/mesa_shader_cache/** r,
 owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,
- owner /var/lib/sddm/.cache/ksycoca5_* r,
-
+ owner /var/lib/sddm/.cache/ksycoca5_* rwkl -> /var/lib/sddm/.cache/#@{int},
+
+ owner /var/lib/sddm/.config/#@{int} rw,
 owner /var/lib/sddm/.config/kdeglobals r,
- owner /var/lib/sddm/.config/kglobalshortcutsrc r,
- owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rw,
- owner /var/lib/sddm/.config/kwinrc r,
- owner /var/lib/sddm/.config/kwinrc.lock rw,
+ owner /var/lib/sddm/.config/kglobalshortcutsrc rw,
+ owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,
+ owner /var/lib/sddm/.config/kglobalshortcutsrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
+ owner /var/lib/sddm/.config/kwinrc rw,
+ owner /var/lib/sddm/.config/kwinrc.lock rwk,
 owner /var/lib/sddm/.config/kwinrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
+ owner @{user_cache_dirs}/{,plasma-svgelements} r,
 owner @{user_cache_dirs}/icon-cache.kcache rw,
 owner @{user_share_dirs}/kscreen/* r,
 owner @{user_cache_dirs}/ksycoca5_* r,
@@ -96,6 +104,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
 @{run}/udev/data/c13:@{int} r, # for /dev/input/*
 @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
+ @{run}/udev/data/+hid:* r, # for HID subsystem
 @{run}/udev/data/+pci:* r,
 @{run}/udev/data/+sound:card@{int} r,
 @{run}/udev/data/+usb:* r,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index 220b81a6..f14c6526 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -56,13 +56,16 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 @{lib}/kf5/kioslave5 rPx,
 @{lib}/kf5/kdesu{,d} rix,
 @{bin}/dolphin rPUx, # TODO: rPx,
+ @{bin}/ksysguardd rix,
 @{bin}/plasma-discover rPUx,
+ @{bin}/xrdb rPx,
 /usr/share/akonadi/firstrun/{,*} r,
 /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
 /usr/share/desktop-directories/kf5-*.directory r,
 /usr/share/hwdata/*.ids r,
 /usr/share/icu/@{int}.@{int}/*.dat r,
+ /usr/share/kio/servicemenus/{,*.desktop} r,
 /usr/share/knotifications5/*.notifyrc r,
 /usr/share/konsole/ r,
 /usr/share/krunner/{,**} r,
@@ -72,15 +75,19 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 /usr/share/mime/{,**} r,
 /usr/share/plasma/{,**} r,
 /usr/share/solid/actions/{,**} r,
+ /usr/share/templates/{,*.desktop} r,
 /usr/share/wallpapers/{,**} r,
 /etc/appstream.conf r,
 /etc/cups/client.conf r,
 /etc/fstab r,
+ /etc/ksysguarddrc r,
 /etc/machine-id r,
 /etc/pipewire/client.conf.d/ r,
 /etc/pulse/client.conf r,
 /etc/pulse/client.conf.d/ r,
+ /etc/sensors3.conf r,
+ /etc/sensors.d/ r,
 /etc/xdg/** r,
 owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
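Review bot: `@{bin}/ksysguardd rix,` in the first plasmashell hunk runs the sensor daemon inside plasmashell's own profile, which is what pulls the `/etc/ksysguarddrc`, `/etc/sensors3.conf`, `/etc/sensors.d/` and, in the later plasmashell hunks, the `@{sys}/devices/...` and `@{PROC}/{diskstats,loadavg,uptime,vmstat}` reads into the shell's permission set. A dedicated ksysguardd profile entered with `rPx`, as `@{bin}/xrdb rPx,` two lines below already does, would keep those rules out of plasmashell. `@{bin}/xrdb rPx,` in turn assumes an `xrdb` profile is shipped; if it is not, the exec is denied at run time, and `rPUx` (the form used for `dolphin` and `plasma-discover` in the same hunk) is the usual fallback until one exists.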
@@ -107,14 +114,20 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 owner @{user_config_dirs}/akonadi* r,
 owner @{user_config_dirs}/akonadi/akonadi*rc r,
 owner @{user_config_dirs}/baloofilerc r,
+ owner @{user_config_dirs}/baloofileinformationrc r,
 owner @{user_config_dirs}/dolphinrc r,
 owner @{user_config_dirs}/eventviewsrc r,
 owner @{user_config_dirs}/kactivitymanagerd-statsrc r,
+ owner @{user_config_dirs}/kactivitymanagerd-switcher rw,
+ owner @{user_config_dirs}/kactivitymanagerd-switcher.lock rwk,
+ owner @{user_config_dirs}/kactivitymanagerd-switcher.* rwl,
 owner @{user_config_dirs}/kdedefaults/* r,
 owner @{user_config_dirs}/kdeglobals r,
+ owner @{user_config_dirs}/kdiff3fileitemactionrc r,
 owner @{user_config_dirs}/kioslaverc r,
 owner @{user_config_dirs}/klipperrc r,
 owner @{user_config_dirs}/kmail2.notifyrc r,
+ owner @{user_config_dirs}/kcookiejarrc r,
 owner @{user_config_dirs}/korganizerrc r,
 owner @{user_config_dirs}/krunnerrc r,
 owner @{user_config_dirs}/ksmserverrc r,
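Review bot: `owner @{user_config_dirs}/kactivitymanagerd-switcher.* rwl,` leaves the link target unspecified and uses a `.*` glob where the rest of this commit pins both, e.g. the kwin_wayland hunk's `owner /var/lib/sddm/.config/kglobalshortcutsrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},`. The same shape here would be `owner @{user_config_dirs}/kactivitymanagerd-switcher.@{rand6} rwl -> @{user_config_dirs}/#@{int},`, assuming an `owner @{user_config_dirs}/#@{int} rw,` rule exists in this profile (it is not visible in the hunk). `owner @{user_config_dirs}/kcookiejarrc r,` also breaks the alphabetical order the surrounding lines keep; it belongs before `kdedefaults/*`.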
@@ -148,19 +161,27 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 @{run}/mount/utab r,
 @{run}/user/@{uid}/gvfs/ r,
 owner @{run}/user/@{uid}/#@{int} rw,
- owner @{run}/user/@{uid}/kdesud_:1 w,
- owner @{run}/user/@{uid}/plasmashell@{rand6}.[0-9].kioworker.socket rwl,
+ owner @{run}/user/@{uid}/kdesud_:@{int} w,
+ owner @{run}/user/@{uid}/plasmashell@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
 owner @{run}/user/@{uid}/pulse/ rw,
 @{sys}/bus/ r,
 @{sys}/bus/usb/devices/ r,
- @{sys}/class/ r,
+ @{sys}/class/{,*} r,
+ @{sys}/devices/pci[0-9]*/**/name r,
+ @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
+ @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
 @{sys}/devices/system/node/ r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
+ @{sys}/devices/virtual/thermal/**/{name,type} r,
 @{PROC}/ r,
 @{PROC}/cmdline r,
+ @{PROC}/diskstats r,
+ @{PROC}/loadavg r,
+ @{PROC}/uptime r,
+ @{PROC}/vmstat r,
 @{PROC}/sys/kernel/core_pattern r,
 @{PROC}/sys/kernel/random/boot_id r,
 owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,
diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm
index 854a1adb..ee7228fb 100644
--- a/apparmor.d/groups/kde/sddm
+++ b/apparmor.d/groups/kde/sddm
@@ -38,8 +38,8 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 ptrace (trace) peer=@{profile_name},
 ptrace (read) peer=unconfined,
- ptrace (read) peer=kwalletd5,
-
+
+ signal (send) set=term peer=kwin_wayland,
 signal (send) set=(kill, term) peer=startplasma,
 signal (send) set=term peer=startplasma-wayland,
 signal (send) set=term peer=sddm-greeter,
@@ -151,6 +151,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 @{run}/systemd/sessions/*.ref rw,
 @{run}/user/@{uid}/xauth_@{rand6} rwl,
 owner @{run}/sddm/ rw,
+ owner @{run}/user/@{uid}/ r,
 owner @{run}/user/@{uid}/#@{int} rw,
 owner @{run}/user/@{uid}/kwallet5.socket rw,
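Review bot: `@{sys}/devices/pci[0-9]*/**/name r,` in the plasmashell hunk grants a read on every `name` attribute beneath every PCI device, which is a broad recursive glob for what looks like sensor lookup; if the reads only target hwmon instances, `@{sys}/devices/pci[0-9]*/**/hwmon/hwmon@{int}/name r,` would be considerably tighter — worth confirming against the denials that motivated the rule. The two new `@{sys}/devices/virtual/thermal/` rules are also split by the `system/cpu` and `system/node` entries, and `@{sys}/devices/virtual/thermal/**/{name,type} r,` already covers the `name` files under the `thermal_zone@{int}/hwmon@{int}/` directories the first rule lists; placing the two thermal lines together makes that overlap visible and easier to prune.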
diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma
index b180a1a3..402753bb 100644
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@@ -53,8 +53,7 @@ profile startplasma @{exec_path} {
 owner @{user_config_dirs}/kdeglobals* rwl,
 owner @{user_config_dirs}/ksplashrc r,
 owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
- owner @{user_config_dirs}/menus/ r,
- owner @{user_config_dirs}/menus/applications-merged/{,*.menu} r,
+ owner @{user_config_dirs}/menus/{,**.menu} r,
 owner @{user_config_dirs}/plasma-localerc rwl,
 owner @{user_config_dirs}/plasma-localerc.lock rwk,
 owner @{user_config_dirs}/plasma-workspace/env/ r,
@@ -69,6 +68,7 @@ profile startplasma @{exec_path} {
 owner /tmp/#@{int} rw,
 owner /tmp/startplasma-x11.@{rand6} rwl,
+ owner @{run}/user/@{uid}/ r,
 @{run}/user/@{uid}/xauth_@{rand6} rl,
 @{PROC}/sys/kernel/core_pattern r,
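Review bot: `owner @{user_config_dirs}/menus/{,**.menu} r,` drops the directory read that the removed `menus/applications-merged/{,*.menu} r,` granted through its empty alternative: `**.menu` only matches paths ending in `.menu`, so the `applications-merged/` directory entry itself is no longer readable. If startplasma enumerates that directory rather than opening known file names, the listing will now be denied; `owner @{user_config_dirs}/menus/{,**/,**.menu} r,` keeps both the directories and the menu files covered. The new glob also reaches `.menu` files at any depth under `menus/`, which is wider than the old two rules — fine if intended, but worth a short comment on the line.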