From 4ccf2156de7d6df6730dbe18a7ef203bd639dea5 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 13 Sep 2024 20:07:41 +0100
Subject: [PATCH] fix(abs): base: allow inherited mesa cache

mesa 24.2 introduced a shader disk cache which is enabled by default, which opens quite a lot of fd. They are not closed and get inherited by child programs. Denying it can cause crash, so we are allowing it globally while the issue is beeing fixed in mesa. See: https://gitlab.freedesktop.org/mesa/mesa/-/issues/11810
---
 apparmor.d/abstractions/base.d/complete | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete
index e9761b84..f0b3efda 100644
--- a/apparmor.d/abstractions/base.d/complete
+++ b/apparmor.d/abstractions/base.d/complete
@@ -24,6 +24,12 @@
 @{etc_rw}/localtime r,
 /etc/locale.conf r,
+ # mesa 24.2 introduced a shader disk cache which opens quite a lot of fd.
+ # They are not closed and get inherited by child programs. Denying it can cause
+ # crash, so we are allowing it globally while the issue is beeing fixed in mesa.
+ owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.db rw,
+ owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.idx rw,
+
 @{sys}/devices/system/cpu/possible r,
 @{PROC}/sys/kernel/core_pattern r,
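Review bot: The two `owner ... rw` rules are added to the base abstraction, so every profile that includes it gains read and write access to the user's mesa shader cache database, not only programs that inherit the descriptors from a GPU client. A path rule cannot distinguish an inherited fd from a fresh open, so an unrelated confined process running as the same user could also modify cache files that graphical programs later load. Whether that matters depends on how mesa validates cache entries, which is not visible here. Since the comment describes this as temporary, the file itself should carry the tracking reference so the rules are dropped once upstream is fixed, for example `# FIXME: remove once https://gitlab.freedesktop.org/mesa/mesa/-/issues/11810 is resolved`. It would also be worth confirming whether `r` alone avoids the crash, since `w` is the broader grant.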