From 291713d90298b2f731cea841a5cf358d9ddd8f45 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 23 Mar 2025 15:24:05 +0100
Subject: [PATCH] feat(profile): add nvidia-uvm to the gstreamer abs.
- Needed internally by multiqueue
- Lots of program using gstreamer was requiring it
---
 apparmor.d/abstractions/gstreamer | 5 +++++
 apparmor.d/groups/gnome/org.gnome.NautilusPreviewer | 3 ---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer
index 1cf8869c4..10655740a 100644
--- a/apparmor.d/abstractions/gstreamer
+++ b/apparmor.d/abstractions/gstreamer
@@ -52,14 +52,19 @@
 @{sys}/devices/@{pci}/config r,
 @{sys}/devices/@{pci}/descriptors r,
 @{sys}/devices/@{pci}/devnum r,
+ @{sys}/devices/@{pci}/numa_node r,
 @{sys}/devices/@{pci}/speed r,
 @{sys}/devices/@{pci}/uevent r,
 @{sys}/devices/system/node/ r,
+ @{sys}/devices/system/node/node@{int}/cpumap r,
 @{sys}/devices/system/node/node@{int}/meminfo r,
+ @{PROC}/devices r,
+ /dev/ r,
 /dev/bus/usb/ r,
 /dev/dri/ r,
+ /dev/nvidia-uvm rw,
 include if exists
diff --git a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
index cdc563e07..db440bf4c 100644
--- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
+++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
@@ -39,12 +39,10 @@ profile org.gnome.NautilusPreviewer @{exec_path} flags=(attach_disconnected) {
 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
- @{sys}/devices/system/node/node@{int}/cpumap r,
 @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/*org.gnome.NautilusPreviewer.slice/*/memory.* r,
 @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
 @{PROC}/1/cgroup r,
- @{PROC}/devices r,
 @{PROC}/zoneinfo r,
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/cmdline r,
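Review bot: In the `apparmor.d/abstractions/gstreamer` hunk, `/dev/nvidia-uvm rw,` moves from a single profile into a shared abstraction, so every profile that includes it gains read/write access to the NVIDIA UVM device whether or not it ever touches the GPU, and the rule carries no comment saying why it is there. I would record the reason and the scope next to it, e.g. `# nvidia-uvm: needed internally by multiqueue; granted to every profile that includes this abstraction`, and consider moving the rule into an NVIDIA-specific abstraction that gstreamer users opt into, if the project has one. The same hunk also adds `/dev/ r,` and `@{sys}/devices/@{pci}/numa_node r,`, which neither the commit message nor the rules removed from NautilusPreviewer account for; one line in the description stating what needs them would make the widening auditable. Only part of the abstraction is visible in this hunk, so a comment above it may already cover some of this.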
@@ -54,7 +52,6 @@ profile org.gnome.NautilusPreviewer @{exec_path} flags=(attach_disconnected) {
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
 /dev/media@{int} r,
- /dev/nvidia-uvm rw,
 include if exists
 }