permissions – AppArmor to add restrictions to execute a process

I have a daemon process that starts with another process. My requirement is that I want only a couple of processes to allow this process to be executed.


Let's say that the process of the daemon is: X

The root user starts it with the command:

X service home

Now I have a ruby ​​script. When this script is executed, invoke the command to start the X service. I want to make sure that only this Ruby script (or other designated processes) has permission to start the X service.

Can I achieve this using AppArmor?