From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 23 Apr 2017 09:15:36 -0400 Subject: [refpolicy] s/apm/acpi/g In-Reply-To: <201704221722.19418.russell@coker.com.au> References: <201704221722.19418.russell@coker.com.au> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/22/2017 03:22 AM, Russell Coker via refpolicy wrote: > https://en.wikipedia.org/wiki/Advanced_Power_Management > > It has been a long time since APM was used much. Wikipedia says that APM > hasn't been fully functional in Linux since kernel 3.3 (that means it wouldn't > have worked in Debian/Jessie). It might work in the RHEL6 kernel which is > still supported but RHEL6 doesn't include the apmd package. The domain apmd_t > is used for running acpid and it seems impossible to run apmd on any supported > distribution. > > I think it would be a good idea to rename the domain and the types of the files > that it uses to reflect the fact that it's used for ACPI nowadays. > > As the feature set of ACPI is a super-set of APM (and implemented in a more > complex manner too) it's most likely that policy which works for acpid will > also permit apmd to do whatever it wants. But it probably hasn't been tested > for 10 years or more so probably no-one knows. > > You can expect the apmd_t domain to work well for acpid because it's tested > with that all the time. If you manage to get a distribution with working APM > support (Debian/Wheezy or something older) and hardware that supports it > (Windows XP was the last MS release that supported it so new hardware wouldn't > have APM support tested) then there's no guarantee that apmd_t has the > permissions needed to run it. This is a good point. I'd take a patch for this. -- Chris PeBenito