LinuxLists.cc - [refpolicy] Make refpolicy aware of the secure_firmware avperm of the capability2 security class

2012-09-08 08:33:09

by dominick.grift

[permalink] [raw]

Subject: [refpolicy] Make refpolicy aware of the secure_firmware avperm of the capability2 security class

Can we define that in refpolicy because vbetool needs it

http://git.fedorahosted.org/cgit/selinux-policy.git/commit/?h=master_contrib&id=ede99cf27691bc1f3ddb95059388315f31c5210b

2012-09-10 14:50:58

by Stephen Smalley

[permalink] [raw]

Subject: [refpolicy] Make refpolicy aware of the secure_firmware avperm of the capability2 security class

On Sat, 2012-09-08 at 10:33 +0200, Dominick Grift wrote:
> Can we define that in refpolicy because vbetool needs it
>
> http://git.fedorahosted.org/cgit/selinux-policy.git/commit/?h=master_contrib&id=ede99cf27691bc1f3ddb95059388315f31c5210b

Not until it gets defined in the mainline kernel. Discussions on lkml
suggest that it won't have that name if/when it gets merged.

--
Stephen Smalley
National Security Agency

2012-09-10 14:59:05

[permalink] [raw]

Subject: [refpolicy] Make refpolicy aware of the secure_firmware avperm of the capability2 security class

On 09/10/12 10:50, Stephen Smalley wrote:
> On Sat, 2012-09-08 at 10:33 +0200, Dominick Grift wrote:
>> Can we define that in refpolicy because vbetool needs it
>>
>> http://git.fedorahosted.org/cgit/selinux-policy.git/commit/?h=master_contrib&id=ede99cf27691bc1f3ddb95059388315f31c5210b
>
> Not until it gets defined in the mainline kernel. Discussions on lkml
> suggest that it won't have that name if/when it gets merged.

Agreed.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com