[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disable for java?



Fred Harris wrote:
Thanks for replying.

Bruno, I tried doing what you said, but had to use
setsebool -P allow_execmem true ('true' instead of 'on')

is that the same thing? I think it was already enabled anyway. The problem I'm getting is with message logging, not with
enabling.

Paul, the messages I'm getting are the following. >>> May 4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc: granted { execmem } for pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process
<<<

Why would installing in other than /opt make a difference? I used to install in /usr/java, but Fedora says that /opt is where you should install a comprehensive
package like the JDK.  I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.

How do you update to the latest policy for SELinux? I yumed to the latest Kernel. I can't find a package for SELinux, though. I think I'm not getting some very basic stuff about working with SELinux. It's pretty confusing to me. I've searched most of the FAQs and explanations I can find on Google. Is there a simple, good link that explains it all? For instance I have this basic question about whether or not you can turn off monitoring for a specific application like java_home/bin/java. It seems to me that something like that would be absolutely necessary while apps get itup to speed with SELinux.

Thanks.
To update selinux policy you need to execute
yum upgrade selinux-policy
The latest policy should not be showing the "granted"s.

What is the context of the java executable

ls -lZ PATHTO/java

If it is not java_exec_t then do

chcon -t java_exec_t PATHTO/java

Dan



__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------------------------------------------------

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]