mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

nvidia_modprobe: allow reading driver parameters

Browse Source 
On Debian Sid nvidia_modprobe is not permissive enough:

```
type=AVC msg=audit(1598788812.837:495): apparmor="DENIED"
operation="open" profile="nvidia_modprobe"
name="/proc/driver/nvidia/params" pid=31586 comm="nvidia-modprobe"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```

Update profile to all reading /proc/driver/nvidia/params

Fixes Debian bug 969267 [0]

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969267
This commit is contained in:
Vincas Dargis
2020-08-30 19:24:29 +03:00
parent 398bb20dfd
commit a98a4f734f
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
profiles/apparmor.d/nvidia_modprobe
View File

@@ -29,6 +29,7 @@ profile nvidia_modprobe {
@{sys}/bus/pci/devices/ r,
@{sys}/devices/pci[0-9]*/**/config r,
@{PROC}/devices r,
@{PROC}/driver/nvidia/params r,
@{PROC}/modules r,
@{PROC}/sys/kernel/modprobe r,