You probably don’t want to add bluez to your plugs, the webbluetooth API is somewhat questionable and sparked some controversies:
The nvidia thing needs to be looked at by someone who might now why the driver might be doing a mmap.
@jdstrand does this change make sense?
diff --git a/interfaces/builtin/opengl.go b/interfaces/builtin/opengl.go
index 93ccfa3e1..0e8b50747 100644
--- a/interfaces/builtin/opengl.go
+++ b/interfaces/builtin/opengl.go
@@ -59,7 +59,7 @@ const openglConnectedPlugAppArmor = `
/etc/vdpau_wrapper.cfg r,
@{PROC}/driver/nvidia/params r,
@{PROC}/modules r,
-/dev/nvidia* rw,
+/dev/nvidia* rwm,
unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
# eglfs