From 50b720a8b90e5a458381f42f19ecee078559564e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 3 Apr 2024 21:56:33 +0100
Subject: [PATCH] feat(profile): add gpu-manager.

---
 apparmor.d/profiles-g-l/gpu-manager | 33 +++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 apparmor.d/profiles-g-l/gpu-manager

diff --git a/apparmor.d/profiles-g-l/gpu-manager b/apparmor.d/profiles-g-l/gpu-manager
new file mode 100644
index 00000000..7e79f79c
--- /dev/null
+++ b/apparmor.d/profiles-g-l/gpu-manager
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/gpu-manager
+profile gpu-manager @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/graphics>
+
+  capability sys_admin,
+  capability syslog,
+
+  @{exec_path} mr,
+
+  @{sh_path}   rix,
+  @{bin}/grep  rix,
+
+  /etc/modprobe.d/{,**} r,
+  /usr/lib/modprobe.d/{,**} r,
+
+  /var/lib/ubuntu-drivers-common/* rw,
+
+  /var/log/gpu-manager.log w,
+
+  @{PROC}/modules r,
+  @{PROC}/cmdline r,
+
+  include if exists <local/gpu-manager>
+}
\ No newline at end of file