Merge lp:~osomon/apparmor/newer-nvidia-abstraction-trunk into lp:apparmor/2.12

Proposed by Olivier Tilloy on 2017-03-06
Status: Merged
Approved by: Tyler Hicks on 2017-03-16
Approved revision: 3646
Merged at revision: 3645
Proposed branch: lp:~osomon/apparmor/newer-nvidia-abstraction-trunk
Merge into: lp:apparmor/2.12
Diff against target: 21 lines (+5/-2)
1 file modified
profiles/apparmor.d/abstractions/nvidia (+5/-2)
To merge this branch: bzr merge lp:~osomon/apparmor/newer-nvidia-abstraction-trunk
Reviewer Review Type Date Requested Status
Tyler Hicks Approve on 2017-03-16
Jamie Strandboge 2017-03-06 Approve on 2017-03-06
Review via email:

Commit message

Update nvidia abstraction for newer nvidia drivers.

Jamie Strandboge (jdstrand) wrote :

Some inline questions.

review: Needs Information
Tyler Hicks (tyhicks) wrote :

I'm just chiming in to say that I agree with Jamie here.

3646. By Olivier Tilloy on 2017-03-06

Specify device nodes instead of being too permissive.

Olivier Tilloy (osomon) wrote :

Thanks for the feedback! Replied inline.

Jamie Strandboge (jdstrand) wrote :

I mentioned '@{PROC}/driver/nvidia/params r,' but it is already included (sorry). Approve updated MP.

review: Approve
Tyler Hicks (tyhicks) wrote :

Looks good to me!

review: Approve

Preview Diff

=== modified file 'profiles/apparmor.d/abstractions/nvidia'
--- profiles/apparmor.d/abstractions/nvidia 2014-06-06 18:50:58 +0000
+++ profiles/apparmor.d/abstractions/nvidia 2017-03-06 18:59:56 +0000
@@ -8,8 +8,9 @@
8 /etc/vdpau_wrapper.cfg r,8 /etc/vdpau_wrapper.cfg r,
10 # device files10 # device files
11 /dev/nvidia0 rw,11 /dev/nvidiactl rw,
12 /dev/nvidiactl rw,12 /dev/nvidia-modeset rw,
13 /dev/nvidia[0-9]* rw,
14 @{PROC}/interrupts r,15 @{PROC}/interrupts r,
15 @{PROC}/sys/vm/max_map_count r,16 @{PROC}/sys/vm/max_map_count r,
@@ -18,3 +19,5 @@
19 owner @{HOME}/.nv/GLCache/ r,20 owner @{HOME}/.nv/GLCache/ r,
20 owner @{HOME}/.nv/GLCache/** rwk,21 owner @{HOME}/.nv/GLCache/** rwk,
23 unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),


