# vim:syntax=apparmor
# nvidia access requirements
  
  # configuration queries
  capability ipc_lock,

  /usr/share/nvidia/nvidia-application-profiles* r,

  # libvdpau config file for nvidia workarounds
  /etc/vdpau_wrapper.cfg r,

  # device files
  /dev/nvidiactl rw,
  /dev/nvidia-modeset rw,
  /dev/nvidia[0-9]* rw,

  @{PROC}/interrupts r,
  @{PROC}/sys/vm/max_map_count r,
  @{PROC}/driver/nvidia/params r,
  @{PROC}/modules r,

  @{sys}/devices/system/memory/block_size_bytes r,

  owner @{HOME}/.nv/ w,
  owner @{HOME}/.nv/GLCache/ rw,
  owner @{HOME}/.nv/GLCache/** rwk,

  unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),