From b50eb2d18e151db906015f43290d39d0fed966d1 Mon Sep 17 00:00:00 2001
From: Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>
Date: Thu, 16 Jan 2025 14:12:01 -0500
Subject: [PATCH] more granularity for process's child threads

---
 profiles/apparmor.d/lsof | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/lsof b/profiles/apparmor.d/lsof
index 7e9c67de5..60cc6751c 100644
--- a/profiles/apparmor.d/lsof
+++ b/profiles/apparmor.d/lsof
@@ -23,7 +23,10 @@ profile lsof /usr/bin/lsof {
   @{PROC}/@{pid}/task/ r,
   @{PROC}/@{pid}/fd/ r,
   @{PROC}/@{pid}/fdinfo/* r,
-  @{PROC}/@{pid}/task/** r,
+
+  @{PROC}/@{pid}/task/@{pid}/stat r,
+  @{PROC}/@{pid}/task/@{pid}/fd r,
+  @{PROC}/@{pid}/task/@{pid}/fdinfo/* r,
 
   include if exists <local/lsof>
 }