From 4982ff104ddf57c7e92d4fcff5f33437bf71cbaa Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 13 Sep 2025 12:03:00 +0200
Subject: [PATCH] feat(profile): remove rules not needed anymore
Moved into the nvidia-strict abs.
---
 apparmor.d/profiles-m-r/nvidia-settings | 2 --
 apparmor.d/profiles-m-r/nvidia-smi | 2 --
 apparmor.d/profiles-m-r/nvtop | 3 +--
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/apparmor.d/profiles-m-r/nvidia-settings b/apparmor.d/profiles-m-r/nvidia-settings
index 771bbb3b6..893770a4b 100644
--- a/apparmor.d/profiles-m-r/nvidia-settings
+++ b/apparmor.d/profiles-m-r/nvidia-settings
@@ -33,8 +33,6 @@ profile nvidia-settings @{exec_path} flags=(attach_disconnected) {
 /dev/char/@{dynamic}:@{int} w, # For dynamic assignment range 234 to 254, 384 to 511
 /dev/nvidia-caps/ rw,
 /dev/nvidia-caps/nvidia-cap@{int} r,
- /dev/nvidia-uvm rw,
- /dev/nvidia-uvm-tools r,
 include if exists
 }
diff --git a/apparmor.d/profiles-m-r/nvidia-smi b/apparmor.d/profiles-m-r/nvidia-smi
index 1d6d62e2b..eb42bd59b 100644
--- a/apparmor.d/profiles-m-r/nvidia-smi
+++ b/apparmor.d/profiles-m-r/nvidia-smi
@@ -26,8 +26,6 @@ profile nvidia-smi @{exec_path} {
 /dev/char/@{dynamic}:@{int} w, # For dynamic assignment range 234 to 254, 384 to 511
 /dev/nvidia-caps/ rw,
 /dev/nvidia-caps/nvidia-cap@{int} rw,
- /dev/nvidia-uvm rw,
- /dev/nvidia-uvm-tools r,
 include if exists
 }
diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop
index d0553d186..fc51b5b9e 100644
--- a/apparmor.d/profiles-m-r/nvtop
+++ b/apparmor.d/profiles-m-r/nvtop
@@ -10,7 +10,7 @@ include
 profile nvtop @{exec_path} flags=(attach_disconnected) {
 include
 include
- include
+ include
 include
 capability sys_ptrace,
@@ -54,7 +54,6 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
 @{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r,
 owner @{PROC}/@{pid}/task/@{tid}/comm rw,
- /dev/dri/ r,
 /dev/nvidia-caps/ rw,
 /dev/nvidia-caps/nvidia-cap@{int} rw,
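Review bot: In the first nvtop hunk the swapped `include` is the only added line in the commit, so nothing visible shows that nvidia-settings and nvidia-smi include the nvidia-strict abstraction that the commit message says now carries `/dev/nvidia-uvm rw,` and `/dev/nvidia-uvm-tools r,`; both profiles' include lists start outside their hunks. If either profile lacks that include, the removed rules turn into denials in enforce mode, and the same check applies to `/dev/dri/ r,` dropped in the second nvtop hunk. Because an abstraction is shared, rules moved into it are granted to every profile that includes it, so it is worth confirming that no including profile gains `/dev/nvidia-uvm-tools` access it never needed. A comment above the include, for example `# device rules for nvidia-uvm* now come from this abstraction`, would keep that dependency visible.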