diff --git a/apparmor.d/profiles-s-z/secure-time-sync b/apparmor.d/profiles-s-z/secure-time-sync
index f317b9474..7545f53eb 100644
--- a/apparmor.d/profiles-s-z/secure-time-sync
+++ b/apparmor.d/profiles-s-z/secure-time-sync
@@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -17,13 +18,16 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) {
   network inet dgram,
   network inet6 dgram,
 
+  @{exec_path} mr,
+
+  @{bin}/{,ba,da}sh  rix,
+  @{bin}/curl        rix,
+  @{bin}/date        rix,
+  @{bin}/grep        rix,
+  @{bin}/id          rPx,
+  @{bin}/sed         rix,
+
   owner /dev/tty rw,
 
-  /usr/bin/bash ix,
-  /usr/bin/curl mrix,
-  /usr/bin/date mrix,
-  /usr/bin/grep mrix,
-  /usr/bin/id mrix,
-  /usr/bin/sed mrix,
-  @{exec_path} r,
+  include if exists <local/secure-time-sync>
 }
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 0d813e17a..8784b1cd7 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -291,6 +291,7 @@ runuser complain
 s3fs complain
 sdcv complain
 sddm attach_disconnected,mediate_deleted,complain
+secure-time-sync attach_disconnected,complain
 sftp-server complain
 sing-box complain
 slirp4netns attach_disconnected,complain