remove leading whitespace in apparmor policy in opengl interface

snapcore · Dec 5, 2017 · 6b8f3ee · 6b8f3ee
1 parent 82616ef
commit 6b8f3ee
Showing 1 changed file with 54 additions and 54 deletions.
diff --git a/interfaces/builtin/opengl.go b/interfaces/builtin/opengl.go
@@ -31,60 +31,60 @@ const openglBaseDeclarationSlots = `
 const openglConnectedPlugAppArmor = `
 # Description: Can access opengl.
 
-  # specific gl libs
-  /var/lib/snapd/lib/gl{,32}/ r,
-  /var/lib/snapd/lib/gl{,32}/** rm,
-
-  # Supports linux-driver-management from Solus (staged symlink trees into libdirs)
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}glx-provider/**.so{,.*}  rm,
-
-  # Bi-arch distribution nvidia support
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcuda*.so{,.*} rm,
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnvidia*.so{,.*} rm,
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnvcuvid.so{,.*} rm,
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}lib{GL,EGL}*nvidia.so{,.*} rm,
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libGLdispatch.so{,.*} rm,
-
-  # Support reading the Vulkan ICD files
-  /var/lib/snapd/lib/vulkan/ r,
-  /var/lib/snapd/lib/vulkan/** r,
-  /var/lib/snapd/hostfs/usr/share/vulkan/icd.d/*nvidia*.json r,
-
-  # Main bi-arch GL libraries
-  /var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}lib{GL,EGL}.so{,.*} rm,
-
-  /dev/dri/ r,
-  /dev/dri/card0 rw,
-  # nvidia
-  @{PROC}/driver/nvidia/params r,
-  @{PROC}/modules r,
-  /dev/nvidia* rw,
-  unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
-
-  # eglfs
-  /dev/vchiq rw,
-
-  # /sys/devices
-  /sys/devices/pci[0-9]*/**/config r,
-  /sys/devices/pci[0-9]*/**/revision r,
-  /sys/devices/pci[0-9]*/**/{,subsystem_}device r,
-  /sys/devices/pci[0-9]*/**/{,subsystem_}vendor r,
-  /sys/devices/**/drm{,_dp_aux_dev}/** r,
-
-  # FIXME: this is an information leak and snapd should instead query udev for
-  # the specific accesses associated with the above devices.
-  /sys/bus/pci/devices/ r,
-  /sys/bus/platform/devices/soc:gpu/ r,
-  /run/udev/data/+drm:card* r,
-  /run/udev/data/+pci:[0-9]* r,
-  /run/udev/data/+platform:soc:gpu* r,
-
-  # FIXME: for each device in /dev that this policy references, lookup the
-  # device type, major and minor and create rules of this form:
-  # /run/udev/data/<type><major>:<minor> r,
-  # For now, allow 'c'haracter devices and 'b'lock devices based on
-  # https://www.kernel.org/doc/Documentation/devices.txt
-  /run/udev/data/c226:[0-9]* r,  # 226 drm
+# specific gl libs
+/var/lib/snapd/lib/gl{,32}/ r,
+/var/lib/snapd/lib/gl{,32}/** rm,
+
+# Supports linux-driver-management from Solus (staged symlink trees into libdirs)
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}glx-provider/**.so{,.*}  rm,
+
+# Bi-arch distribution nvidia support
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcuda*.so{,.*} rm,
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnvidia*.so{,.*} rm,
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnvcuvid.so{,.*} rm,
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}lib{GL,EGL}*nvidia.so{,.*} rm,
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libGLdispatch.so{,.*} rm,
+
+# Support reading the Vulkan ICD files
+/var/lib/snapd/lib/vulkan/ r,
+/var/lib/snapd/lib/vulkan/** r,
+/var/lib/snapd/hostfs/usr/share/vulkan/icd.d/*nvidia*.json r,
+
+# Main bi-arch GL libraries
+/var/lib/snapd/hostfs/{,usr/}lib{,32,64,x32}/{,@{multiarch}/}lib{GL,EGL}.so{,.*} rm,
+
+/dev/dri/ r,
+/dev/dri/card0 rw,
+# nvidia
+@{PROC}/driver/nvidia/params r,
+@{PROC}/modules r,
+/dev/nvidia* rw,
+unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
+
+# eglfs
+/dev/vchiq rw,
+
+# /sys/devices
+/sys/devices/pci[0-9]*/**/config r,
+/sys/devices/pci[0-9]*/**/revision r,
+/sys/devices/pci[0-9]*/**/{,subsystem_}device r,
+/sys/devices/pci[0-9]*/**/{,subsystem_}vendor r,
+/sys/devices/**/drm{,_dp_aux_dev}/** r,
+
+# FIXME: this is an information leak and snapd should instead query udev for
+# the specific accesses associated with the above devices.
+/sys/bus/pci/devices/ r,
+/sys/bus/platform/devices/soc:gpu/ r,
+/run/udev/data/+drm:card* r,
+/run/udev/data/+pci:[0-9]* r,
+/run/udev/data/+platform:soc:gpu* r,
+
+# FIXME: for each device in /dev that this policy references, lookup the
+# device type, major and minor and create rules of this form:
+# /run/udev/data/<type><major>:<minor> r,
+# For now, allow 'c'haracter devices and 'b'lock devices based on
+# https://www.kernel.org/doc/Documentation/devices.txt
+/run/udev/data/c226:[0-9]* r,  # 226 drm
 `
 
 // The nvidia modules don't use sysfs (therefore they can't be udev tagged) and