[apparmor] PS Profile question

[parspes]

Hi everyone,
 I have a tenative profile for bin.ps but I have a question before I
submit it to the package maintainer.I have received no response from
the package maintainer regarding a profile.

 I have identified three capabilitier requested by ps on my system:
dac_override
dac_read_search
sys_ptrace

 It appears that for general functioning the only absolutely necessary
capability is sys_ptrace, as well as I can discern. I request
suggestions about which capabilities should be allowed and which
should be denied. Thanks.
                                       Pat