diff --git a/desktop/tauri/src-tauri/src/main.rs b/desktop/tauri/src-tauri/src/main.rs
index 7dd9df42..cce1b266 100644
--- a/desktop/tauri/src-tauri/src/main.rs
+++ b/desktop/tauri/src-tauri/src/main.rs
@@ -120,7 +120,6 @@ fn show_webview_not_installed_dialog() -> i32 {
 }
 
 fn main() {
-    env::set_var("GDK_BACKEND", "x11");
     if tauri::webview_version().is_err() {
         std::process::exit(show_webview_not_installed_dialog());
     }
@@ -139,7 +138,7 @@ fn main() {
 
     // TODO(vladimir): Permission for logs/app2 folder are not guaranteed. Use the default location for now.
     #[cfg(target_os = "windows")]
-    let log_target = if let Some(data_dir) = cli.data {
+    let log_target = if let Some(data_dir) = cli_args.data {
         tauri_plugin_log::Target::new(tauri_plugin_log::TargetKind::LogDir { file_name: None })
     } else {
         tauri_plugin_log::Target::new(tauri_plugin_log::TargetKind::Stdout)
diff --git a/packaging/linux/postinst b/packaging/linux/postinst
index ab056723..60e3d97e 100644
--- a/packaging/linux/postinst
+++ b/packaging/linux/postinst
@@ -11,6 +11,9 @@ if command -V semanage >/dev/null 2>&1; then
     restorecon -R /usr/lib/portmaster/portmaster-core 2>/dev/null >&2 || :
 fi
 
+mv /usr/bin/portmaster /usr/lib/portmaster/portmaster
+ln -s /usr/lib/portmaster/portmaster /usr/bin/portmaster 
+
 systemctl daemon-reload
 systemctl enable portmaster.service
 
diff --git a/service/firewall/api.go b/service/firewall/api.go
index f16b7acd..50bafa39 100644
--- a/service/firewall/api.go
+++ b/service/firewall/api.go
@@ -132,8 +132,7 @@ func authenticateAPIRequest(ctx context.Context, pktInfo *packet.Info) (retry bo
 	var originalPid int
 
 	// Get authenticated path.
-	// FIXME(vladimir): provide a better check for detecting filepath. Note there is exception on linux with portmaster ui.
-	authenticatedPath := "" // updates.RootPath()
+	authenticatedPath := module.instance.BinaryUpdates().GetRootPath()
 	if authenticatedPath == "" {
 		return false, fmt.Errorf(deniedMsgMisconfigured, api.ErrAPIAccessDeniedMessage) //nolint:stylecheck // message for user
 	}
diff --git a/service/firewall/module.go b/service/firewall/module.go
index 131d4cac..d6e38bca 100644
--- a/service/firewall/module.go
+++ b/service/firewall/module.go
@@ -16,6 +16,7 @@ import (
 	"github.com/safing/portmaster/service/netquery"
 	"github.com/safing/portmaster/service/network"
 	"github.com/safing/portmaster/service/profile"
+	"github.com/safing/portmaster/service/updates"
 	"github.com/safing/portmaster/spn/access"
 	"github.com/safing/portmaster/spn/captain"
 )
@@ -160,6 +161,7 @@ func New(instance instance) (*Firewall, error) {
 
 type instance interface {
 	Config() *config.Config
+	BinaryUpdates() *updates.Updates
 	Profile() *profile.ProfileModule
 	Captain() *captain.Captain
 	Access() *access.Access
diff --git a/service/process/module.go b/service/process/module.go
index b17a0c05..e2c6eb7f 100644
--- a/service/process/module.go
+++ b/service/process/module.go
@@ -4,12 +4,16 @@ import (
 	"errors"
 	"sync/atomic"
 
+	"github.com/safing/portmaster/base/log"
 	"github.com/safing/portmaster/service/mgr"
+	"github.com/safing/portmaster/service/updates"
 )
 
 type ProcessModule struct {
 	mgr      *mgr.Manager
 	instance instance
+
+	portmasterUIPath string
 }
 
 func (pm *ProcessModule) Manager() *mgr.Manager {
@@ -17,6 +21,12 @@ func (pm *ProcessModule) Manager() *mgr.Manager {
 }
 
 func (pm *ProcessModule) Start() error {
+	file, err := pm.instance.BinaryUpdates().GetFile("portmaster")
+	if err != nil {
+		log.Errorf("process: failed to get path of ui: %s", err)
+	} else {
+		pm.portmasterUIPath = file.Path()
+	}
 	return nil
 }
 
@@ -59,4 +69,6 @@ func New(instance instance) (*ProcessModule, error) {
 	return module, nil
 }
 
-type instance interface{}
+type instance interface {
+	BinaryUpdates() *updates.Updates
+}
diff --git a/service/process/profile.go b/service/process/profile.go
index 7ac4ed15..e97b1d01 100644
--- a/service/process/profile.go
+++ b/service/process/profile.go
@@ -72,20 +72,9 @@ func (p *Process) getSpecialProfileID() (specialProfileID string) {
 		specialProfileID = profile.PortmasterProfileID
 	default:
 		// Check if this is another Portmaster component.
-		// FIXME(vladimir): provide a better check for detecting filepath. Note there is exception on linux with portmaster ui.
-		// if updatesPath != "" && strings.HasPrefix(p.Path, updatesPath) {
-		// 	switch {
-		// 	case strings.Contains(p.Path, "portmaster-app"):
-		// 		specialProfileID = profile.PortmasterAppProfileID
-		// 	case strings.Contains(p.Path, "portmaster-notifier"):
-		// 		specialProfileID = profile.PortmasterNotifierProfileID
-		// 	default:
-		// 		// Unexpected binary from within the Portmaster updates directpry.
-		// 		log.Warningf("process: unexpected binary in the updates directory: %s", p.Path)
-		// 		// TODO: Assign a fully restricted profile in the future when we are
-		// 		// sure that we won't kill any of our own things.
-		// 	}
-		// }
+		if module.portmasterUIPath != "" && p.Path == module.portmasterUIPath {
+			specialProfileID = profile.PortmasterAppProfileID
+		}
 		// Check if this is the system resolver.
 		switch runtime.GOOS {
 		case "windows":
diff --git a/service/updates/module.go b/service/updates/module.go
index 8807aa24..16858836 100644
--- a/service/updates/module.go
+++ b/service/updates/module.go
@@ -188,6 +188,10 @@ func (u *Updates) Start() error {
 	return nil
 }
 
+func (u *Updates) GetRootPath() string {
+	return u.registry.dir
+}
+
 // GetFile returns the path of a file given the name.
 func (u *Updates) GetFile(id string) (*File, error) {
 	file, ok := u.registry.files[id]