Yes, in theory we could confine cpufreq-selector to only be able to read and write the relevant files in /sys/devices/system/cpu/cpu*/cpufreq/*, maybe read some configuration files, and not much else. If the suid root part is a very small program which just does that one thing, it should be easy to create an apparmor profile. Judging by the file size and linked libraries, this seems to be the case.
-- /usr/bin/cpufreq-selector should have different access permissions https://bugs.launchpad.net/bugs/23768 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
