From fe421f69525594fc05d30d1afe21c7db6a8f09b3 Mon Sep 17 00:00:00 2001
From: Olivier Tilloy
Date: Mon, 6 Mar 2017 19:46:43 +0100
Subject: [PATCH 1/2] Update nvidia abstraction for newer nvidia drivers.
---
 profiles/apparmor.d/abstractions/nvidia | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
index 9cb859b27..4fa210302 100644
--- a/profiles/apparmor.d/abstractions/nvidia
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -8,8 +8,7 @@
 /etc/vdpau_wrapper.cfg r,
 # device files
- /dev/nvidia0 rw,
- /dev/nvidiactl rw,
+ /dev/nvidia* rw,
 @{PROC}/interrupts r,
 @{PROC}/sys/vm/max_map_count r,
@@ -18,3 +17,5 @@
 owner @{HOME}/.nv/GLCache/ r,
 owner @{HOME}/.nv/GLCache/** rwk,
+
+ unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
From 71566d36e3c9ba23c8da8194ebdd934cdbe9ffad Mon Sep 17 00:00:00 2001
From: Olivier Tilloy
Date: Mon, 6 Mar 2017 19:59:43 +0100
Subject: [PATCH 2/2] Specify device nodes instead of being too permissive.
---
 profiles/apparmor.d/abstractions/nvidia | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
index 4fa210302..5e182a653 100644
--- a/profiles/apparmor.d/abstractions/nvidia
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -8,7 +8,9 @@
 /etc/vdpau_wrapper.cfg r,
 # device files
- /dev/nvidia* rw,
+ /dev/nvidiactl rw,
+ /dev/nvidia-modeset rw,
+ /dev/nvidia[0-9]* rw,
 @{PROC}/interrupts r,
 @{PROC}/sys/vm/max_map_count r,
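Review bot: In patch 1/2, the added `unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),` rule qualifies the peer by abstract socket address only. Abstract names carry no filesystem ownership, so any local process in the same network namespace that binds a matching name is an allowed peer for every profile that includes this abstraction. AppArmor patterns are globs, not regexes: `[0-9a-f]*` means one hex character followed by any run of characters, which is wider than a hex suffix, and the same applies to `/dev/nvidia[0-9]* rw,` in patch 2/2. If the confinement of the driver-side peer is known, consider constraining it by label as well, e.g. `peer=(label=LABEL, addr="@nvidia[0-9a-f]*")` with LABEL as a placeholder. A comment above the rule would also help, such as `# abstract unix socket opened by newer nvidia drivers; peer matched by address only`.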
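Review bot: The three explicit rules in patch 2/2 drop access that the wildcard from patch 1/2 had covered for any other driver nodes (for example `/dev/nvidia-uvm`, if the installed driver creates it), and nothing in the file records whether that is intended. A comment under `# device files` would make the policy auditable, e.g. `# control node, modeset node, per-GPU nodes; other /dev/nvidia-* nodes intentionally not granted`. Profiles that need more can then add it locally rather than widening this shared abstraction.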