[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disable for java?

Thanks for replying.

Bruno, I tried doing what you said, but had to use
setsebool -P allow_execmem true ('true' instead of 'on')

is that the same thing? I think it was already enabled anyway.
The problem I'm getting is with message logging, not with

Paul, the messages I'm getting are the following.
May  4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc:  granted  { execmem } for  pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process

Why would installing in other than /opt make a difference?  I used to install in
/usr/java, but Fedora says that /opt is where you should install a comprehensive
package like the JDK.  I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.

How do you update to the latest policy for SELinux?  I yumed to the latest Kernel.  I can't find a package for SELinux, though. 

I think I'm not getting some very basic stuff about working with SELinux.  It's pretty  confusing to me.  I've searched most of the FAQs and explanations
I can find on Google.  Is there a simple, good link that explains it all?  For instance I have this basic question about whether or not you can turn off
monitoring for a specific application like java_home/bin/java.  It seems to me that  something like that would be absolutely necessary while apps get up to speed with SELinux. 


Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]