# vim:syntax=apparmor # ------------------------------------------------------------------ # # Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # ------------------------------------------------------------------ abi , include # When any of the "ns*" fields is displayed, the following error will be printed: # "Failed name lookup - disconnected path" error=-13 profile="top" name="". @{exec_path} = /{usr/,}bin/top profile top @{exec_path} flags=(attach_disconnected) { include include include # To be able to read the /proc/ files of all processes in the system. capability dac_read_search, # To manage priorities. capability sys_nice, # To terminate other users' processes when top is started as root. capability kill, capability sys_ptrace, signal (send), ptrace (read), @{exec_path} mr, @{PROC}/ r, @{PROC}/loadavg r, @{PROC}/uptime r, @{PROC}/tty/drivers r, @{PROC}/sys/kernel/osrelease r, @{PROC}/sys/kernel/pid_max r, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/stat r, @{PROC}/@{pids}/statm r, @{PROC}/@{pids}/environ r, @{PROC}/@{pids}/oom_{,score_}adj r, @{PROC}/@{pids}/oom_score r, @{PROC}/@{pids}/cgroup r, @{PROC}/@{pids}/wchan r, @{PROC}/@{pids}/task/ r, @{PROC}/@{pids}/task/@{tid}/cmdline r, @{PROC}/@{pids}/task/@{tid}/stat r, @{PROC}/@{pids}/task/@{tid}/statm r, @{PROC}/@{pids}/task/@{tid}/environ r, @{PROC}/@{pids}/task/@{tid}/oom_{,score_}adj r, @{PROC}/@{pids}/task/@{tid}/oom_score r, @{PROC}/@{pids}/oom_{,score_}adj r, @{PROC}/@{pids}/oom_score r, @{PROC}/@{pids}/task/@{tid}/cgroup r, @{PROC}/@{pids}/task/@{tid}/wchan r, @{PROC}/@{pids}/task/@{tid}/status r, /etc/topdefaultrc r, /etc/toprc r, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node[0-9]*/meminfo r, @{sys}/devices/system/node/node[0-9]*/cpumap r, owner @{HOME}/.config/procps/ rw, owner @{HOME}/.config/procps/toprc rw, include if exists }