1# Only allow gpu ioctl commands that have been demonstrated to be necessary.
2allowxperm { appdomain -isolated_app } gpu_device:chr_file
3  ioctl { gpu_used_ioctls unpriv_tty_ioctls };
4