[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to get an SELinux policy change



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jerry James wrote:
> I'm working on getting GCL to run again.  The current Debian patch
> (which is enormous) fixes most problems, but not the long-running
> SELinux problem that GCL has had.  I took a hint from a thread on this
> list a couple of months ago.  I let make run until it crashed due to a
> denied mprotect() call, did chcon -t java_exec_t on the binaries, and
> restarted the make.  It completed successfully.  I can patch the
> makefile to do the chcon call in the right place, but I'm worried
> about getting the right security context on installation now.  First,
> is using java_exec_t in this way acceptable?  Second, if so, how do I
> ask for Fedora's policy to reflect that: bugzilla, request on this
> list, some other list?  Thanks,
You can get the context of the final destination of the file using

chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl

Which seems to be a fine way of doing. this.

Of course I am guessing that gcl is the name of the executable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkSAAoACgkQrlYvE4MpobMH5gCbBjXxGYUFEsELC3bi3dOwEXEy
TxcAoOs5vcMsDnUwHPmAZP05G/76273D
=tQE6
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]