diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd
index 87e9d163..9206fa4d 100644
--- a/apparmor.d/groups/_full/systemd
+++ b/apparmor.d/groups/_full/systemd
@@ -72,6 +72,7 @@ profile systemd /{usr/,}lib/systemd/systemd flags=(complain) {
   /{usr/,}bin/gjs                           rPx,
   /{usr/,}bin/gnome-keyring-daemon          rPx,
   /{usr/,}bin/gnome-shell                   rPx,
+  /{usr/,}bin/gsettings                     rPx,
   /{usr/,}lib/dconf/dconf-service           rPx,
   /{usr/,}lib/gvfs/gvfs-*                   rPx,
   /{usr/,}lib/gvfs/gvfsd*                   rPx,
diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session
index c353e957..775bd492 100644
--- a/apparmor.d/groups/bus/dbus-run-session
+++ b/apparmor.d/groups/bus/dbus-run-session
@@ -19,7 +19,7 @@ profile dbus-run-session @{exec_path} {
   /{usr/,}bin/dbus-daemon           rPx,
   /{usr/,}bin/gnome-session         rix,
   /{usr/,}bin/gnome-shell           rPx,
-  /{usr/,}bin/gsettings             rix,
+  /{usr/,}bin/gsettings             rPx,
   @{libexec}/gnome-session-binary   rPx,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session
index 01ff3025..7ec7de08 100644
--- a/apparmor.d/groups/gnome/gdm-wayland-session
+++ b/apparmor.d/groups/gnome/gdm-wayland-session
@@ -45,7 +45,7 @@ profile gdm-wayland-session @{exec_path} {
   /{usr/,}bin/gettext.sh             r,
   /{usr/,}bin/gnome-session        rix,
   /{usr/,}bin/grep                 rix,
-  /{usr/,}bin/gsettings            rix,
+  /{usr/,}bin/gsettings            rPx,
   /{usr/,}bin/head                 rix,
   /{usr/,}bin/id                   rix,
   /{usr/,}bin/locale               rix,
diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession
index e2448f6e..7c2c049a 100644
--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@@ -24,7 +24,7 @@ profile gdm-xsession @{exec_path} {
   /{usr/,}bin/gettext         rix,
   /{usr/,}bin/gettext.sh      r,
   /{usr/,}bin/gnome-session   rix,
-  /{usr/,}bin/gsettings       rix,
+  /{usr/,}bin/gsettings       rPx,
   /{usr/,}bin/id              rix,
   /{usr/,}bin/locale          rix,
   /{usr/,}bin/locale-check    rix,
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index 44cc7404..20ef114f 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -138,7 +138,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/env                                          rix,
   /{usr/,}bin/gnome-session                                rix,
   /{usr/,}bin/grep                                         rix,
-  /{usr/,}bin/gsettings                                    rix,
+  /{usr/,}bin/gsettings                                    rPx,
   /{usr/,}bin/gsettings-data-convert                       rix,
   /{usr/,}bin/mkdir                                        rix,
   /{usr/,}bin/session-migration                            rix,
diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui
index d0df2371..14eaddfe 100644
--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@@ -35,7 +35,7 @@ profile mullvad-gui @{exec_path} {
   "/opt/Mullvad VPN/*.so*" mr,
 
   /{usr/,}bin/{,ba,da}sh  rix,
-  /{usr/,}bin/gsettings   rix,
+  /{usr/,}bin/gsettings   rPx,
   /{usr/,}bin/xdg-open    rPx,
 
   "/opt/Mullvad VPN/{,**}" r,
diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings
new file mode 100644
index 00000000..e9db3c5a
--- /dev/null
+++ b/apparmor.d/profiles-g-l/gsettings
@@ -0,0 +1,23 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/gsettings
+profile gsettings @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dconf-write>
+
+  @{exec_path} mr,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+  /usr/share/dconf/profile/gdm r,
+  /usr/share/gdm/greeter-dconf-defaults r,
+
+  owner /dev/tty[0-9]* rw,
+
+  include if exists <local/gsettings>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/xdm-xsession b/apparmor.d/profiles-s-z/xdm-xsession
index a9eca8de..db1220fa 100644
--- a/apparmor.d/profiles-s-z/xdm-xsession
+++ b/apparmor.d/profiles-s-z/xdm-xsession
@@ -39,7 +39,7 @@ profile xdm-xsession @{exec_path} {
   @{libexec}/gnome-session-binary                rPx,
   /{usr/,}bin/gnome                              rix,
   /{usr/,}bin/gnome-session                      rix,
-  /{usr/,}bin/gsettings                          rix,
+  /{usr/,}bin/gsettings                          rPx,
 
   @{etc_ro}/X11/xdm/sys.xsession                    rix,
   @{etc_ro}/X11/xinit/xinitrc.d/50-systemd-user.sh  rix,
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index e2f95eb6..28949ece 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -113,6 +113,7 @@ grub-syslinux2cfg complain
 gsd-media-keys attach_disconnected,complain
 gsd-print-notifications attach_disconnected,complain
 gsd-printer attach_disconnected,complain
+gsettings complain
 gvfsd-dav complain
 hostnamectl complain
 ibus-engine-table complain