#include <tunables/global>

profile nvidia-ai-workbench "/opt/NVIDIA AI Workbench/nvidia-ai-workbench" flags=(unconfined) {
  userns,

  #include <abstractions/base>
  #include if exists <abstractions/electron>
  #include if exists <abstractions/ubuntu-browsers>
  #include if exists <abstractions/ubuntu-core>
  #include <abstractions/openssl>
  #include <abstractions/nameservice>
  #include <abstractions/fonts>
  #include <abstractions/audio>
  #include <abstractions/gnome>
  #include <abstractions/openssl>

  # Application specific paths
  /opt/nvidia/ai-workbench/** rw,
  /usr/share/nvidia/ai-workbench/** r,
  /usr/lib/nvidia/ai-workbench/** r,
  /usr/bin/nvidia-ai-workbench r,
  
  # Allow access to user's home directory for project files
  @{HOME}/.nvidia/ai-workbench/** rw,
  @{HOME}/.config/nvidia/ai-workbench/** rw,
  @{HOME}/.local/share/nvidia/ai-workbench/** rw,
  @{HOME}/.cache/nvidia/ai-workbench/** rw,
  
  # Allow access to system libraries
  /usr/lib/** r,
  /lib/** r,
  /usr/share/** r,
  
  # Allow access to system configuration
  /etc/** r,
  
  # Allow access to GPU devices
  /dev/dri/** rw,
  /dev/nvidiactl rw,
  /dev/nvidia0 rw,
  /dev/nvidia-modeset rw,
  /dev/nvidia* rw,
  
  # Allow access to network
  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,
  
  # Allow access to X11
  /tmp/.X11-unix/X* rw,
  /run/user/*/wayland-* rw,
  /run/user/*/bus rw,
  
  # Allow access to system information
  /proc/self/** r,
  /sys/devices/** r,
  /sys/class/** r,
  /sys/bus/** r,
  /sys/module/** r,
  
  # Allow access to shared memory
  /dev/shm/** rw,
  
  # Allow access to system time
  /etc/localtime r,
}