From c85ed58fa98935d9d475496f02347a2319ce4992 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 7 Jul 2025 00:30:21 +0200
Subject: [PATCH] feat(profile): add vmstat

---
 apparmor.d/groups/procps/vmstat      | 27 +++++++++++++++++++++++++++
 tests/integration/procps/vmstat.bats | 25 +++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 apparmor.d/groups/procps/vmstat
 create mode 100644 tests/integration/procps/vmstat.bats

diff --git a/apparmor.d/groups/procps/vmstat b/apparmor.d/groups/procps/vmstat
new file mode 100644
index 000000000..1276222a2
--- /dev/null
+++ b/apparmor.d/groups/procps/vmstat
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/vmstat
+profile vmstat @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} mr,
+
+  @{sys}/block/ r,
+  @{sys}/devices/system/node/ r,
+
+  @{PROC}/diskstats r,
+  @{PROC}/slabinfo r,
+  @{PROC}/uptime r,
+  @{PROC}/vmstat r,
+
+  include if exists <local/vmstat>
+}
+
+# vim:syntax=apparmor
diff --git a/tests/integration/procps/vmstat.bats b/tests/integration/procps/vmstat.bats
new file mode 100644
index 000000000..e5900a324
--- /dev/null
+++ b/tests/integration/procps/vmstat.bats
@@ -0,0 +1,25 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+load ../common
+
+@test "vmstat: Display virtual memory statistics" {
+    vmstat
+    vmstat --active
+    vmstat --forks
+}
+
+@test "vmstat: Display disk statistics" {
+    vmstat --disk
+    vmstat --disk-sum 
+}
+
+@test "vmstat: Display slabinfo" {
+    sudo vmstat --slabs
+}
+
+@test "vmstat: Display reports every second for 3 times" {
+    vmstat 1 3
+}