selinux-refpolicy/targeted/domains/program/cpucontrol.te

18 lines
482 B
Plaintext

#DESC cpucontrol - domain for microcode_ctl and other programs to control CPU
#
# Author: Russell Coker <russell@coker.com.au>
#
type cpucontrol_conf_t, file_type, sysadmfile;
daemon_base_domain(cpucontrol)
# Access cpu devices.
allow cpucontrol_t cpu_device_t:chr_file rw_file_perms;
allow cpucontrol_t device_t:lnk_file { getattr read };
allow initrc_t cpu_device_t:chr_file getattr;
allow cpucontrol_t self:capability sys_rawio;
r_dir_file(cpucontrol_t, cpucontrol_conf_t)