https://en.wikipedia.org/wiki/Advanced_Power_Management
It has been a long time since APM was used much. Wikipedia says that APM
hasn't been fully functional in Linux since kernel 3.3 (that means it wouldn't
have worked in Debian/Jessie). It might work in the RHEL6 kernel which is
still supported but RHEL6 doesn't include the apmd package. The domain apmd_t
is used for running acpid and it seems impossible to run apmd on any supported
distribution.
I think it would be a good idea to rename the domain and the types of the files
that it uses to reflect the fact that it's used for ACPI nowadays.
As the feature set of ACPI is a super-set of APM (and implemented in a more
complex manner too) it's most likely that policy which works for acpid will
also permit apmd to do whatever it wants. But it probably hasn't been tested
for 10 years or more so probably no-one knows.
You can expect the apmd_t domain to work well for acpid because it's tested
with that all the time. If you manage to get a distribution with working APM
support (Debian/Wheezy or something older) and hardware that supports it
(Windows XP was the last MS release that supported it so new hardware wouldn't
have APM support tested) then there's no guarantee that apmd_t has the
permissions needed to run it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
On 04/22/2017 03:22 AM, Russell Coker via refpolicy wrote:
> https://en.wikipedia.org/wiki/Advanced_Power_Management
>
> It has been a long time since APM was used much. Wikipedia says that APM
> hasn't been fully functional in Linux since kernel 3.3 (that means it wouldn't
> have worked in Debian/Jessie). It might work in the RHEL6 kernel which is
> still supported but RHEL6 doesn't include the apmd package. The domain apmd_t
> is used for running acpid and it seems impossible to run apmd on any supported
> distribution.
>
> I think it would be a good idea to rename the domain and the types of the files
> that it uses to reflect the fact that it's used for ACPI nowadays.
>
> As the feature set of ACPI is a super-set of APM (and implemented in a more
> complex manner too) it's most likely that policy which works for acpid will
> also permit apmd to do whatever it wants. But it probably hasn't been tested
> for 10 years or more so probably no-one knows.
>
> You can expect the apmd_t domain to work well for acpid because it's tested
> with that all the time. If you manage to get a distribution with working APM
> support (Debian/Wheezy or something older) and hardware that supports it
> (Windows XP was the last MS release that supported it so new hardware wouldn't
> have APM support tested) then there's no guarantee that apmd_t has the
> permissions needed to run it.
This is a good point. I'd take a patch for this.
--
Chris PeBenito