diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index 2dc7446c3..f2cd133c9 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -35,6 +35,7 @@ profile plasmashell @{exec_path} {
   @{libexec}/libheif/            r,
   @{libexec}/libheif/*.so*      rm,
   @{libexec}/kf5/kioslave5     rPx,
+  @{libexec}/kf5/kdesu{,d}     rix,
   /{usr/,}bin/dolphin          rPUx, # TODO: rPx,
   /{usr/,}bin/plasma-discover  rPUx,
 
@@ -49,11 +50,18 @@ profile plasmashell @{exec_path} {
   /usr/share/krunner/{,**} r,
   /usr/share/konsole/ r,
   /usr/share/akonadi/firstrun/{,*} r,
+  /usr/share/pipewire/client.conf r,
+  /usr/share/sounds/freedesktop/stereo/audio-volume-change.oga r,
+  /usr/share/sounds/freedesktop/index.theme r,
+  /usr/share/lshw/artwork/logo.svg r,
+  /usr/share/knotifications5/*.notifyrc r,
+  /usr/share/desktop-directories/kf5-*.directory r,
 
   /etc/appstream.conf r,
   /etc/cups/client.conf r,
   /etc/fstab r,
   /etc/machine-id r,
+  /etc/pipewire/client.conf.d/ r,
   /etc/pulse/client.conf r,
   /etc/pulse/client.conf.d/ r,
   /etc/xdg/baloofilerc r,
@@ -63,6 +71,7 @@ profile plasmashell @{exec_path} {
   /etc/xdg/krunnerrc r,
   /etc/xdg/kwinrc r,
   /etc/xdg/menus/ r,
+  /etc/xdg/menus/applications.menu r,
   /etc/xdg/menus/applications-merged/ r,
   /etc/xdg/plasmanotifyrc r,
   /etc/xdg/plasmarc r,
@@ -75,6 +84,7 @@ profile plasmashell @{exec_path} {
 
   owner @{user_cache_dirs}/ r,
   owner @{user_cache_dirs}/#[0-9]* rw,
+  owner @{user_cache_dirs}/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk,
   owner @{user_cache_dirs}/icon-cache.kcache rw,
   owner @{user_cache_dirs}/ksycoca5_* r,
   owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
@@ -105,7 +115,9 @@ profile plasmashell @{exec_path} {
   owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc.?????? rk,
   owner @{user_config_dirs}/plasma-pk-updates r,
   owner @{user_config_dirs}/plasma*desktop* rwlk,
-  owner @{user_config_dirs}/plasmanotifyrc r,
+  owner @{user_config_dirs}/plasmanotifyrc rw,
+  owner @{user_config_dirs}/plasmanotifyrc.lock rwk,
+  owner @{user_config_dirs}/plasmanotifyrc.* rwl,
   owner @{user_config_dirs}/plasmaparc r,
   owner @{user_config_dirs}/plasmashellrc r,
   owner @{user_config_dirs}/pulse/cookie rwk,
@@ -129,6 +141,7 @@ profile plasmashell @{exec_path} {
   owner @{user_share_dirs}/user-places.xbel r,
 
   owner @{run}/user/@{uid}/#[0-9]* rw,
+  owner @{run}/user/@{uid}/kdesud_:1 w,
   owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl,
   owner @{run}/user/@{uid}/gvfs/ r,
   owner @{run}/user/@{uid}/pulse/ rw,
@@ -142,9 +155,13 @@ profile plasmashell @{exec_path} {
   owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
+  owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,
+  owner @{PROC}/@{pid}/attr/current r,
 
-  /dev/shm/ r,
-  /dev/tty r,
+        /dev/shm/ r,
+        /dev/tty r,
+        /dev/ptmx rw,
+  owner /dev/pts/[0-9]* rw,
 
   include if exists <local/plasmashell>
 }