logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

nvidia_modprobe (1212B)

    

  1. # vim:syntax=apparmor
  3. abi <abi/3.0>,
  5. include <tunables/global>
  7. profile nvidia_modprobe {
  8.   include <abstractions/base>
  10.   # Capabilities
  12.   capability chown,
  13.   capability mknod,
  14.   capability setuid,
  15.   capability sys_admin,
  17.   # Main executable
  19.   /usr/bin/nvidia-modprobe mr,
  21.   # Other executables
  23.   /usr/bin/kmod Cx -> kmod,
  25.   # System files
  27.   /dev/nvidia-modeset w,
  28.   /dev/nvidia-uvm w,
  29.   /dev/nvidia-uvm-tools w,
  30.   @{sys}/bus/pci/devices/ r,
  31.   @{sys}/devices/pci[0-9]*/**/config r,
  32.   @{PROC}/devices r,
  33.   @{PROC}/driver/nvidia/params r,
  34.   @{PROC}/modules r,
  35.   @{PROC}/sys/kernel/modprobe r,
  37.   # Child profiles
  39.   profile kmod {
  40.     include <abstractions/base>
  42.     # Capabilities
  44.     capability sys_module,
  46.     # Main executable
  48.     /usr/bin/kmod mrix,
  50.     # Other executables
  52.     /{,usr/}bin/{,ba,da}sh ix,
  54.     # System files
  56.     /etc/modprobe.d/{,*.conf} r,
  57.     /etc/nvidia/{current,legacy*,tesla*}/*.conf r,
  58.     @{sys}/module/ipmi_devintf/initstate r,
  59.     @{sys}/module/ipmi_msghandler/initstate r,
  60.     @{sys}/module/{drm,nvidia}/initstate r,
  61.     @{PROC}/cmdline r,
  62.   }
  64.   # Site-specific additions and overrides. See local/README for details.
  65.   include if exists <local/nvidia_modprobe>
  66. }