Firefox 137 from ppa on Ubuntu 25.04 has apparmor policy that will block the driver from working

[philipl]

This is an FYI, and not a bug report per se. The driver isn't doing anything wrong.

The Mozilla Team PPA has a build of Firefox 137 but only for Ubuntu 25.04. Earlier versions of Ubuntu appear to only get 136.

This new 137 build includes a much more locked down apparmor policy that will cause VAAPI to fail in general, but there are additional rules required to make the nvidia driver work.

I needed to add the following to remove all the apparmor audit complaints. Some of them may not be fatal - I didn't check that.

I couldn't find a way to file a bug against the PPA, which is really what needs to happen, but this information will be helpful for any other Ubuntu users.

Content for /etc/apparmor.d/local/usr.bin.firefox

/dev/dri/** rw,
/dev/nvidia* rw,
/dev/char/195:* rw,
/dev/char/511:* rw,
/proc/sys/** rw,
owner @{PROC}/[0-9]*/task/[0-9]*/ rw,
owner @{PROC}/[0-9]*/task/[0-9]*/comm rw,
/proc/devices r,
/proc/driver/nvidia/** r,
/proc/version r,
/sys/devices/system/memory/block_size_bytes r,
/usr/bin/nvidia-modprobe ix,
/sys/devices/**/cpumap r,
/sys/devices/**/numa_node r,
/path/to/nvidia_drv_video.so rm,