Disable for java?

Fred Harris frharris27 at yahoo.com
Fri May 5 15:31:26 UTC 2006


   Thanks for replying. 

Bruno, I tried doing what you said, but had to use 

setsebool -P allow_execmem true ('true' instead of 'on')

is that the same thing?  I think it was already enabled anyway. 
The problem I'm getting is with message logging, not with
enabling.

Paul, the messages I'm getting are the following.  

>>>
May  4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc:  granted  { execmem } for  pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process
<<<

Why would installing in other than /opt make a difference?  I used to install in
/usr/java, but Fedora says that /opt is where you should install a comprehensive
package like the JDK.  I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.

How do you update to the latest policy for SELinux?  I  yumed to the latest Kernel.  I can't find a package for SELinux, though.  

I think I'm not getting some very basic stuff about working with SELinux.  It's pretty  confusing to me.  I've searched most of the FAQs and explanations
I can find on Google.  Is there a simple, good link that explains it all?  For instance I have this basic question about whether or not you can turn off
monitoring for a specific application like java_home/bin/java.  It seems to me that  something like that would be absolutely necessary while apps get up to speed with SELinux.  


Thanks.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060505/7cbb362b/attachment.htm>


More information about the fedora-selinux-list mailing list