Skip to content

Commit

Permalink
lsm: ensure we can read dmi
Browse files Browse the repository at this point in the history 
Signed-off-by: Morten Linderud <[email protected]>
  • Loading branch information
@Foxboron
Foxboron committed Jul 31, 2024
1 parent 61f9180 commit 086e24a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions lsm/lsm.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ func LandlockRulesFromConfig(conf *config.Config) {
// It seems to me that RWFiles should work on efivars, but it doesn't.
// TODO: Lock this down to induvidual files?
"/sys/firmware/efi/efivars/",
"/sys/devices/virtual/dmi/id/",
).IgnoreIfMissing(),
landlock.ROFiles(
"/sys/kernel/security/tpm0/binary_bios_measurements",
Expand Down

0 comments on commit 086e24a

Please sign in to comment.