4 Commits

Author	SHA1	Message	Date
Vincas Dargis	dab520aae9	nvidia_modprobe: allow creating /dev/nvidia-modeset ... On Debian Sid we get this denial: ``` type=AVC msg=audit(1599065006.981:527): apparmor="DENIED" operation="mknod" profile="nvidia_modprobe" name="/dev/nvidia-modeset" pid=12969 comm="nvidia-modprobe" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 ``` Update nvidia_modprobe profile to allow creating device file. (cherry picked from commit e6dbe3bfd3) Signed-off-by: John Johansen <john.johansen@canonical.com>	2020-09-03 11:04:15 -07:00
Christian Boltz	2a3752c4c4	Merge branch 'update-nvidia-modprobe' into 'master' ... nvidia_modprobe: allow reading driver parameters See merge request apparmor/apparmor!603 Acked-by: Christian Boltz <apparmor@cboltz.de> for master and 2.13 (cherry picked from commit 112e2bc9fb) a98a4f73 nvidia_modprobe: allow reading driver parameters	2020-08-30 18:49:54 +00:00
Vincas Dargis	41ff006f3d	Use @{sys} tunable in profiles and abstractions ... Commit aa06528790 made @{sys} tunable available by default. Update profiles and abstractions to actually use @{sys} tunable for better confinement in the future (when @{sys} becomes kernel var). Closes LP#1728551	2018-11-11 10:18:31 +02:00
Vincas Dargis	a70c80a80f	Add nvidia_modprobe named profile ... nvidia-modprobe is setuid executable is used to create various device files and load the the NVIDIA kernel module (https://github.com/NVIDIA/nvidia-modprobe). Add named profile to be used in application profiles for confining potentially risky setuid application. PR: https://gitlab.com/apparmor/apparmor/merge_requests/213 (cherry picked from commit 327420b151) Signed-off-by: John Johansen <john.johansen@canonical.com>	2018-10-04 23:54:50 -07:00