Disable for java?
Fred Harris
frharris27 at yahoo.com
Fri May 5 15:31:26 UTC 2006
Thanks for replying.
Bruno, I tried doing what you said, but had to use
setsebool -P allow_execmem true ('true' instead of 'on')
is that the same thing? I think it was already enabled anyway.
The problem I'm getting is with message logging, not with
enabling.
Paul, the messages I'm getting are the following.
>>>
May 4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc: granted { execmem } for pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process
<<<
Why would installing in other than /opt make a difference? I used to install in
/usr/java, but Fedora says that /opt is where you should install a comprehensive
package like the JDK. I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.
How do you update to the latest policy for SELinux? I yumed to the latest Kernel. I can't find a package for SELinux, though.
I think I'm not getting some very basic stuff about working with SELinux. It's pretty confusing to me. I've searched most of the FAQs and explanations
I can find on Google. Is there a simple, good link that explains it all? For instance I have this basic question about whether or not you can turn off
monitoring for a specific application like java_home/bin/java. It seems to me that something like that would be absolutely necessary while apps get up to speed with SELinux.
Thanks.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060505/7cbb362b/attachment.htm>
More information about the fedora-selinux-list
mailing list