From 71566d36e3c9ba23c8da8194ebdd934cdbe9ffad Mon Sep 17 00:00:00 2001
From: Olivier Tilloy <olivier.tilloy@canonical.com>
Date: Mon, 6 Mar 2017 19:59:43 +0100
Subject: [PATCH] Specify device nodes instead of being too permissive.

---
 profiles/apparmor.d/abstractions/nvidia | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
index 4fa210302..5e182a653 100644
--- a/profiles/apparmor.d/abstractions/nvidia
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -8,7 +8,9 @@
   /etc/vdpau_wrapper.cfg r,
 
   # device files
-  /dev/nvidia*    rw,
+  /dev/nvidiactl rw,
+  /dev/nvidia-modeset rw,
+  /dev/nvidia[0-9]* rw,
 
   @{PROC}/interrupts r,
   @{PROC}/sys/vm/max_map_count r,