diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index 4807101a..d6d58c81 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@@ -64,7 +64,7 @@ profile pacman @{exec_path} {
   @{bin}/gdk-pixbuf-query-loaders    rPx,
   @{bin}/getent                      rix,
   @{bin}/gettext                     rix,
-  @{bin}/ghc-pkg-*                   rix,
+  @{bin}/ghc-pkg{,-*}                rPx,
   @{bin}/gio-querymodules            rPx,
   @{bin}/glib-compile-schemas        rPx,
   @{bin}/groupadd                    rPx,
@@ -98,7 +98,6 @@ profile pacman @{exec_path} {
   @{bin}/update-mime-database        rPx,
   @{bin}/vercmp                      rix,
   @{bin}/xmlcatalog                  rix,
-  @{lib}/ghc-*/bin/ghc-pkg           rix,
   @{lib}/systemd/systemd-*           rPx,
   @{lib}/vlc/vlc-cache-gen           rPx,
   /usr/share/code-features/patch.py      rPx,
diff --git a/apparmor.d/profiles-g-l/ghc-pkg b/apparmor.d/profiles-g-l/ghc-pkg
new file mode 100644
index 00000000..f4518370
--- /dev/null
+++ b/apparmor.d/profiles-g-l/ghc-pkg
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/ghc-pkg{,-*}
+profile ghc-pkg @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  capability dac_read_search,
+
+  @{exec_path} mr,
+
+  @{sh_path} rix,
+
+  @{lib}/ghc{,-*}/bin/ghc-pkg{,-*} rix,
+
+  @{lib}/ghc{,-*}/lib/package.conf.d/* rw,
+  @{lib}/ghc{,-*}/lib/package.conf.d/package.cache.lock k,
+
+  /var/log/haskell-register.log rw,
+
+  @{sys}/devices/system/node/ r,
+
+  include if exists <local/ghc-pkg>
+}
\ No newline at end of file