mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d/abstractions/opencl-nvidia
Vincas Dargis e4b1cadf63 Use nvidia_modprobe named profile inside opencl-nvidia abstraction 
Commit 8f9bd5b0e3 rightfully removed PUx
transition into nvidia-modprobe executable due to security concerns. To
overcome this, commit 327420b151 added
named nvidia_modprobe profile, which allows to use this abstraction
without requiring additional rules to make OpenCL work with NVIDIA
drivers.

Add rule to allow Px transition into nvidia_modprobe profile for
nvidia-modprobe executable.
2018-10-03 19:59:21 +03:00

30 lines
781 B
Text
Raw Blame History

# vim:syntax=apparmor
# OpenCL access requirements for NVIDIA implementation
#include <abstractions/nvidia>
#include <abstractions/opencl-common>
# Executables
# https://github.com/NVIDIA/nvidia-modprobe
# This setuid executable is used to create various device files and load the
# the nvidia kernel module.
/usr/bin/nvidia-modprobe Px -> nvidia_modprobe,
# System files
# libnvidia-opencl.so rules:
/dev/nvidia-uvm rw,
/dev/nvidia-uvm-tools rw,
/sys/devices/pci[0-9]*/**/config r,
/sys/devices/system/memory/block_size_bytes r,
/usr/share/nvidia/** r,
@{PROC}/devices r,
@{PROC}/sys/vm/mmap_min_addr r,
# User files
owner @{HOME}/.nv/ComputeCache/ w,
owner @{HOME}/.nv/ComputeCache/** rw,
owner @{HOME}/.nv/ComputeCache/index rwk,
Reference in a new issue View git blame Copy permalink