mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
33 lines
1,000 B
Text
33 lines
1,000 B
Text
# vim:syntax=apparmor
|
|
# OpenCL access requirements for NVIDIA implementation
|
|
|
|
#include <abstractions/nvidia>
|
|
#include <abstractions/opencl-common>
|
|
|
|
# Executables
|
|
|
|
# https://github.com/NVIDIA/nvidia-modprobe
|
|
# This setuid executable is used to create various device files and load the
|
|
# the nvidia kernel module and is therefore not appropriate for a general
|
|
# purpose abstraction. Confined applications currently need to add this rule
|
|
# in their policy. At some point, a profile may be provided for this command
|
|
# such that Px would succeed.
|
|
#/usr/bin/nvidia-modprobe Pix,
|
|
|
|
# System files
|
|
|
|
# libnvidia-opencl.so rules:
|
|
/dev/nvidia-uvm rw,
|
|
/dev/nvidia-uvm-tools rw,
|
|
/sys/devices/pci[0-9]*/**/config r,
|
|
/sys/devices/system/memory/block_size_bytes r,
|
|
/usr/share/nvidia/** r,
|
|
@{PROC}/devices r,
|
|
@{PROC}/sys/vm/mmap_min_addr r,
|
|
|
|
# User files
|
|
|
|
owner @{HOME}/.nv/ComputeCache/ w,
|
|
owner @{HOME}/.nv/ComputeCache/** rw,
|
|
owner @{HOME}/.nv/ComputeCache/index rwk,
|
|
|