Subject: nvidia abstractions cleanups

Merge from trunk commit 2090

Original message:
  Subject: profiles - nvidia abstraction cleanups
  
  This patch modifies the nvidia abstraction to add the livdpau wrapper
  config file for nvidia workarounds. It also converts the /proc/
  rules to use the @{PROC} tunable. And finally, it converts the
  ubuntu-browsers.d/multimedia abstraction to use the nvidia abstraction.
  
  Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
  Acked-By: Jamie Strandboge <jamie@canonical.com>

Nominated-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>

profiles/apparmor.d/abstractions/nvidia

@@ -4,9 +4,12 @@
   # configuration queries
   capability ipc_lock,
 
+  # libvdpau config file for nvidia workarounds
+  /etc/vdpau_wrapper.cfg r,
+
   # device files
   /dev/nvidia0    rw,
   /dev/nvidiactl  rw,
 
-  /proc/interrupts r,
-  /proc/sys/vm/max_map_count r,
+  @{PROC}/interrupts r,
+  @{PROC}/sys/vm/max_map_count r,

profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia

@@ -50,10 +50,8 @@
   /opt/google/talkplugin/GoogleTalkPlugin ixr,
   owner @{HOME}/.config/google-googletalkplugin/** rw,
 
-  # If we allow the above, nvidia based systems will also need these
-  /dev/nvidactl rw,
-  /dev/nvidia0 rw,
-  @{PROC}/interrupts r,
+  # If we allow the above, nvidia based systems will also need this
+  #include <abstractions/nvidia>
 
   # Virus scanners
   /usr/bin/clamscan Cx -> sanitized_helper,