diff --git a/apparmor.d/groups/gnome/ptyxis b/apparmor.d/groups/gnome/ptyxis
new file mode 100644
index 000000000..739681eae
--- /dev/null
+++ b/apparmor.d/groups/gnome/ptyxis
@@ -0,0 +1,38 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/ptyxis
+profile ptyxis @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/common/gnome>
+  include <abstractions/consoles>
+
+  @{exec_path} mr,
+
+  @{lib}/ptyxis-agent          Px,
+  @{open_path}                 Px -> child-open-help,
+
+  /etc/shells r,
+
+  owner @{user_cache_dirs}/org.gnome.Ptyxis/ rw,
+  owner @{user_cache_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_cache_dirs}/org.gnome.Ptyxis/**,
+
+  owner @{user_config_dirs}/org.gnome.Ptyxis/ rw,
+  owner @{user_config_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_config_dirs}/org.gnome.Ptyxis/**,
+
+  owner @{user_share_dirs}/org.gnome.Ptyxis/ rw,
+  owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**,
+
+  owner @{PROC}/@{pid}/stat r,
+
+  /dev/ptmx rw,
+
+  include if exists <local/ptyxis>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/groups/gnome/ptyxis-agent b/apparmor.d/groups/gnome/ptyxis-agent
new file mode 100644
index 000000000..239993f21
--- /dev/null
+++ b/apparmor.d/groups/gnome/ptyxis-agent
@@ -0,0 +1,46 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/ptyxis-agent
+profile ptyxis-agent @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
+  include <abstractions/dconf-write>
+
+  signal send set=hup peer=unconfined,
+
+  ptrace read,
+
+  @{exec_path} mr,
+
+  @{bin}/podman       Px,
+  @{bin}/systemd-run  Cx -> shell,
+
+  /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+  owner @{PROC}/@{pid}/cmdline r,
+
+  /dev/ptmx rw,
+
+  profile shell {
+    include <abstractions/base>
+    include <abstractions/consoles>
+
+    signal send,
+
+    @{bin}/systemd-run mr,
+    @{bin}/@{shells}   Ux,
+
+    include if exists <local/ptyxis-agent_shell>
+  }
+
+  include if exists <local/ptyxis-agent>
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 70d484953..2cef12304 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -271,6 +271,8 @@ plymouth complain
 plymouth-set-default-theme attach_disconnected,complain
 plymouthd complain
 polkit-kde-authentication-agent attach_disconnected,complain,mediate_deleted
+ptyxis complain
+ptyxis-agent complain
 qdbus complain
 remmina complain
 run-parts complain