diff --git a/apparmor.d/groups/systemd/systemd-cgls b/apparmor.d/groups/systemd/systemd-cgls
new file mode 100644
index 000000000..16aeb1898
--- /dev/null
+++ b/apparmor.d/groups/systemd/systemd-cgls
@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/systemd-cgls
+profile systemd-cgls @{exec_path} {
+  include <abstractions/base>
+
+  ptrace (read),
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/pager     rPx -> child-pager,
+  /{usr/,}bin/less      rPx -> child-pager,
+  /{usr/,}bin/more      rPx -> child-pager,
+
+  @{sys}/fs/cgroup/{,**} r,
+
+  @{PROC}/@{pids}/cgroup r,
+  @{PROC}/@{pids}/cmdline r,
+  @{PROC}/@{pids}/stat r,
+
+  include if exists <local/systemd-cgls>
+}
diff --git a/apparmor.d/groups/systemd/systemd-cgtop b/apparmor.d/groups/systemd/systemd-cgtop
new file mode 100644
index 000000000..9bfdc4131
--- /dev/null
+++ b/apparmor.d/groups/systemd/systemd-cgtop
@@ -0,0 +1,24 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/systemd-cgtop
+profile systemd-cgtop @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/pager     rPx -> child-pager,
+  /{usr/,}bin/less      rPx -> child-pager,
+  /{usr/,}bin/more      rPx -> child-pager,
+
+  @{sys}/fs/cgroup/{,**} r,
+
+  @{PROC}/loadavg r,
+
+  include if exists <local/systemd-cgtop>
+}
diff --git a/profiles.flags b/profiles.flags
index 1495a1b85..b2e98abbc 100644
--- a/profiles.flags
+++ b/profiles.flags
@@ -125,6 +125,8 @@ swapon complain
 systemd-analyze complain
 systemd-ask-password complain
 systemd-binfmt complain
+systemd-cgls complain
+systemd-cgtop complain
 systemd-environment-d-generator complain
 systemd-escape complain
 systemd-homed complain