> Actually I meant to say
>
> The -i option requires write permission to the destination.
>
> It does not require secpolicy_ucode_update() privilege.
>
> Does that create a way for a user with privilege less than
> secpolicy_ucode_update() to arrange to update microcode by writing it
> to the location from which it will be read on a subsequent boot and
> then rebooting?
>
> -- Glenn
Yes. If a system allows a user with privilege less than
secpolicy_ucode_update() to write to /platform/i86pc/ucode, which is of
the following mode,
d none platform/i86pc/ucode 755 root sys
then this user will be able to arrange microcode update by writing it
to the location to be used on subsequent boot.
Thanks,
Sherry
