mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

nvidia_modprobe: allow reading driver parameters

Browse source 
On Debian Sid nvidia_modprobe is not permissive enough:

```
type=AVC msg=audit(1598788812.837:495): apparmor="DENIED"
operation="open" profile="nvidia_modprobe"
name="/proc/driver/nvidia/params" pid=31586 comm="nvidia-modprobe"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```

Update profile to all reading /proc/driver/nvidia/params

Fixes Debian bug 969267 [0]

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969267
This commit is contained in:
Vincas Dargis 2020-08-30 19:24:29 +03:00
parent 398bb20dfd
commit a98a4f734f
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/apparmor.d/nvidia_modprobe
View file

@ -29,6 +29,7 @@ profile nvidia_modprobe {
@{sys}/bus/pci/devices/ r,
@{sys}/devices/pci[0-9]*/**/config r,
@{PROC}/devices r,
@{PROC}/driver/nvidia/params r,
@{PROC}/modules r,
@{PROC}/sys/kernel/modprobe r,