After the recent creation of the new "firmware_t" type, cpucontrol_t should
be able to search "firmware_t" directories in order to successfully load
the CPU microcode.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/cpucontrol.te | 2 ++
1 file changed, 2 insertions(+)
--- refpolicy-git-06082016-orig/policy/modules/contrib/cpucontrol.te 2016-08-06 21:56:16.079262965 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/cpucontrol.te 2016-08-08 18:52:28.199349387 +0200
@@ -78,6 +78,8 @@ kernel_read_proc_symlinks(cpucontrol_t)
dev_read_sysfs(cpucontrol_t)
dev_rw_cpu_microcode(cpucontrol_t)
+files_search_firmware(cpucontrol_t)
+
optional_policy(`
rhgb_use_ptys(cpucontrol_t)
')
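Review bot: files_search_firmware(cpucontrol_t) on the first added line calls an interface that this patch does not define. It exists only once the separate change creating firmware_t is applied, so this hunk cannot be built or merged on its own. State that dependency in the commit message or send both changes as one series. The description also gives loading the CPU microcode as the goal, but a search interface only covers directory traversal. Name the rule that lets cpucontrol_t read the microcode files themselves once they carry the new label, or add it here.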
Cpucontrol should be able to search /lib dirs for microcode data files.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/cpucontrol.te | 3 +++
1 file changed, 3 insertions(+)
--- refpolicy-git-06082016-orig/policy/modules/contrib/cpucontrol.te 2016-08-06
21:56:16.079262965 +0200
+++ refpolicy-git-06082016/policy/modules/contrib/cpucontrol.te 2016-08-13
23:36:22.235497464 +0200
@@ -78,6 +79,8 @@ kernel_read_proc_symlinks(cpucontrol_t)
dev_read_sysfs(cpucontrol_t)
dev_rw_cpu_microcode(cpucontrol_t)
+libs_search_lib(cpucontrol_t)
+
optional_policy(`
rhgb_use_ptys(cpucontrol_t)
')
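Review bot: the diffstat announces 3 insertions and the hunk header reads "-78,6 +79,8", yet only two added lines are present (libs_search_lib(cpucontrol_t) and a blank line). A new-file start of 79 against an old start of 78 implies an earlier one-line insertion that is not in the patch. It looks hand-edited or is missing a hunk; regenerate it from a clean tree so that it applies as posted.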
On 08/14/2016 12:05 AM, Guido Trentalancia wrote:
> Cpucontrol should be able to search /lib dirs for microcode data files.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/cpucontrol.te | 3 +++
> 1 file changed, 3 insertions(+)
>
> --- refpolicy-git-06082016-orig/policy/modules/contrib/cpucontrol.te 2016-08-06
> 21:56:16.079262965 +0200
> +++ refpolicy-git-06082016/policy/modules/contrib/cpucontrol.te 2016-08-13
> 23:36:22.235497464 +0200
> @@ -78,6 +79,8 @@ kernel_read_proc_symlinks(cpucontrol_t)
> dev_read_sysfs(cpucontrol_t)
> dev_rw_cpu_microcode(cpucontrol_t)
>
> +libs_search_lib(cpucontrol_t)
> +
Most likely redundant. Try not to assume.
> optional_policy(`
> rhgb_use_ptys(cpucontrol_t)
> ')
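Review bot: the added libs_search_lib(cpucontrol_t) line is justified only by "should be able to search /lib dirs"; the commit message gives no AVC denial and no path for the microcode data files to show that cpucontrol_t is actually refused this access. Include the denial from the audit log and the file location, and drop the line if the access turns out to be granted already.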
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
This patch is now dropped, as the firmware_t type is not going to be
created anymore.