diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home
index 6fa612e8..ad49264c 100644
--- a/apparmor.d/abstractions/deny-sensitive-home
+++ b/apparmor.d/abstractions/deny-sensitive-home
@@ -11,19 +11,21 @@
 
 # Use in this project: file browser and search engine
 
-  deny @{HOME}/.*_history            rwlk,
-  deny @{HOME}/.*age*{,/{,**}}       rwlk,
-  deny @{HOME}/.*cert*{,/{,**}}      rwlk,
-  deny @{HOME}/.*key*{,/{,**}}       rwlk,
-  deny @{HOME}/.*pass*{,/{,**}}      rwlk,
-  deny @{HOME}/.*pki*{,/{,**}}       rwlk,
-  deny @{HOME}/.*private*{,/{,**}}   rwlk,
-  deny @{HOME}/.*secret*{,/{,**}}    rwlk,
-  deny @{HOME}/.*yubi*{,/{,**}}      rwlk,
-  deny @{HOME}/.lesshst*             rwlk,
-  deny @{HOME}/.wget-hsts            rwlk,
-  deny @{HOME}/@{XDG_GPG_DIR}/{,**}  rwlk,
-  deny @{HOME}/@{XDG_SSH_DIR}/{,**}  rwlk,
+  deny @{HOME}/.*_history                 rwlk,
+  deny @{HOME}/.*age*{,/{,**}}            rwlk,
+  deny @{HOME}/.*cert*{,/{,**}}           rwlk,
+  deny @{HOME}/.*key*{,/{,**}}            rwlk,
+  deny @{HOME}/.*pass*{,/{,**}}           rwlk,
+  deny @{HOME}/.*pki*{,/{,**}}            rwlk,
+  deny @{HOME}/.*private*{,/{,**}}        rwlk,
+  deny @{HOME}/.*secret*{,/{,**}}         rwlk,
+  deny @{HOME}/.*yubi*{,/{,**}}           rwlk,
+  deny @{HOME}/.lesshst*                  rwlk,
+  deny @{HOME}/.wget-hsts                 rwlk,
+  deny @{HOME}/@{XDG_GPG_DIR}/{,**}       rwlk,
+  deny @{HOME}/@{XDG_SSH_DIR}/{,**}       rwlk,
+  deny @{user_config_dirs}/*-store/{,**}  rwlk,
+  deny @{user_password_store_dirs}/{,**}  rwlk,
 
   # Deny executable mapping in writable space as allowed in abstractions/fonts
   deny @{HOME}/.{,cache/}fontconfig/ rw,