diff --git a/apparmor.d/profiles-s-z/sysstat-sa b/apparmor.d/profiles-s-z/sysstat-sa
new file mode 100644
index 000000000..37f5e3ca1
--- /dev/null
+++ b/apparmor.d/profiles-s-z/sysstat-sa
@@ -0,0 +1,38 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/sysstat/sa{1,2} @{lib}/sysstat/debian-sa{1,2}
+profile sysstat-sa @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} mr,
+  @{bin}/ r,
+
+  @{sh_path}          rix,
+  @{bin}/date          ix,
+  @{bin}/find          ix,
+  @{bin}/grep          ix,
+  @{bin}/rm            ix,
+  @{bin}/sar.sysstat   ix,
+  @{bin}/xargs         ix,
+  @{lib}/sysstat/sadc  Px,
+
+  /etc/sysstat/sysstat r,
+
+  /var/log/sysstat/ r,
+  /var/log/sysstat/** rw,
+
+  @{tmp}/#@{int} rw,
+
+  @{PROC}/@{pid}/fd/ r,
+
+  include if exists <local/sysstat-sa>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-s-z/sysstat-sadc b/apparmor.d/profiles-s-z/sysstat-sadc
new file mode 100644
index 000000000..982c48d81
--- /dev/null
+++ b/apparmor.d/profiles-s-z/sysstat-sadc
@@ -0,0 +1,48 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/sysstat/sadc
+profile sysstat-sadc @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/disks-read>
+
+  capability sys_admin,
+
+  @{exec_path} mr,
+
+  /etc/sensors.d/{,**} r,
+  /etc/sensors3.conf r,
+
+  /var/log/sysstat/{,**} rwk,
+
+  @{sys}/bus/i2c/devices/ r,
+  @{sys}/class/hwmon/ r,
+  @{sys}/class/i2c-adapter/ r,
+  @{sys}/devices/@{pci}/i2c-@{int}/name r,
+  @{sys}/devices/@{pci}/net/*/duplex r,
+  @{sys}/devices/virtual/net/*/duplex r,
+  @{sys}/devices/virtual/net/*/speed r,
+
+  @{PROC}/@{pid}/net/* r,
+  @{PROC}/diskstats r,
+  @{PROC}/loadavg r,
+  @{PROC}/pressure/cpu r,
+  @{PROC}/pressure/io r,
+  @{PROC}/pressure/memory r,
+  @{PROC}/sys/fs/dentry-state r,
+  @{PROC}/sys/fs/file-nr r,
+  @{PROC}/sys/fs/inode-state r,
+  @{PROC}/sys/kernel/pty/nr r,
+  @{PROC}/tty/driver/serial r,
+  @{PROC}/uptime r,
+  @{PROC}/vmstat r,
+
+  include if exists <local/sysstat-sadc>
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 57f6a1457..06c3e3e27 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -304,6 +304,8 @@ swtpm complain
 swtpm_ioctl complain
 swtpm_localca complain
 swtpm_setup complain
+sysstat-sa complain
+sysstat-sadc complain
 systemd-analyze complain
 systemd-ask-password complain
 systemd-binfmt attach_disconnected,complain