I think the way to solve this is for either apparmor or firefox to ship /etc/apparmor.d/abstractions/ubuntu-browsers.d/nvidia with the 3 needed entries:
/dev/nvidiactl rw,
/dev/nvidia0 rw,
/proc/interrupts r,
Then have the firefox.postinst.in have the following line when creating /etc/apparmor.d/abstractions/ubuntu-browsers.d/$APPNAME (this will have to be conditionally added if this include file is shipped in apparmor):
#include <abstractions/ubuntu-browsers.d/nvidia>
This will make it so that new installs will get the nvidia abstraction, but people can opt out of it using 'aa-update-browser'.
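A sketch of the postinst step proposed in the comment above, as an added example (it is not the Firefox package's actual firefox.postinst.in): seed the per-application file only on first install, and reference the nvidia abstraction only when that file is actually shipped. The function name `create_browser_abstraction`, its directory parameter and the header comment it writes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the real firefox.postinst.in.
# create_browser_abstraction APPARMOR_DIR APPNAME
#   APPARMOR_DIR is normally /etc/apparmor.d; it is a parameter (assumption)
#   so the logic can be exercised against a scratch directory.
create_browser_abstraction() {
    aa_dir=$1
    appname=$2
    browsers_d="$aa_dir/abstractions/ubuntu-browsers.d"
    target="$browsers_d/$appname"

    # Seed the file on new installs only. An existing file holds the
    # admin's choices (for example an opt-out made with aa-update-browser)
    # and must not be overwritten on upgrade.
    if [ -e "$target" ]; then
        return 0
    fi

    mkdir -p "$browsers_d" || return 1
    tmp="$target.new.$$"
    {
        # Constructed header line, not the packaged file's real header.
        echo "# Seeded at install time; manage with aa-update-browser"
        # Conditional include: apparmor_parser rejects a profile whose
        # #include target is missing, so only reference the nvidia
        # abstraction when some package has shipped it.
        if [ -f "$browsers_d/nvidia" ]; then
            echo "#include <abstractions/ubuntu-browsers.d/nvidia>"
        fi
    } > "$tmp" || return 1

    # Write to a temporary name, then rename, so a partially written
    # file is never picked up by a concurrent profile reload.
    chmod 644 "$tmp" && mv "$tmp" "$target"
}
```
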