
Re: Disable for java?

Fred Harris wrote:
Thanks for replying.

Bruno, I tried doing what you said, but had to use
setsebool -P allow_execmem true ('true' instead of 'on')

Is that the same thing? I think it was already enabled anyway. The problem I'm getting is with message logging, not with

Paul, the messages I'm getting are the following.

May 4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc: granted { execmem } for pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process

Why would installing in other than /opt make a difference? I used to install in /usr/java, but Fedora says that /opt is where you should install a comprehensive
package like the JDK.  I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.

How do you update to the latest policy for SELinux? I yumed to the latest Kernel. I can't find a package for SELinux, though. I think I'm not getting some very basic stuff about working with SELinux. It's pretty confusing to me. I've searched most of the FAQs and explanations I can find on Google. Is there a simple, good link that explains it all? For instance I have this basic question about whether or not you can turn off monitoring for a specific application like java_home/bin/java. It seems to me that something like that would be absolutely necessary while apps get up to speed with SELinux.

To update selinux policy you need to execute
yum upgrade selinux-policy
The latest policy should not be showing the "granted"s.

What is the context of the java executable?

ls -lZ PATHTO/java

If it is not java_exec_t then do

chcon -t java_exec_t PATHTO/java




fedora-selinux-list mailing list
fedora-selinux-list redhat com
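
The check-then-relabel steps from the reply, together with a parser for the AVC line quoted in the thread, as an added shell example that is not part of the original messages. It assumes GNU coreutils (`stat -c %C`, `chcon`); the function names are hypothetical and PATHTO remains the thread's placeholder.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# AVC line as quoted in the thread.
SAMPLE_AVC='May 4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc: granted { execmem } for pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=process'

# Print the type field of an SELinux context (user:role:type[:level]).
# Prints nothing when the input is not a colon-separated context.
context_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Apply one sed extraction expression to an audit line.
avc_field() {
    printf '%s\n' "$1" | sed -n "$2"
}

# Summarise an AVC line as: result|permissions|source type|target type|comm
avc_summary() {
    res=$(avc_field "$1" 's/.*avc: *\([a-z]*\) *{.*/\1/p')
    perms=$(avc_field "$1" 's/.*{ *\(.*[^ ]\) *}.*/\1/p')
    src=$(avc_field "$1" 's/.* scontext=\([^ ]*\).*/\1/p')
    tgt=$(avc_field "$1" 's/.* tcontext=\([^ ]*\).*/\1/p')
    comm=$(avc_field "$1" 's/.* comm="\([^"]*\)".*/\1/p')
    printf '%s|%s|%s|%s|%s\n' "$res" "$perms" \
        "$(context_type "$src")" "$(context_type "$tgt")" "$comm"
}

# Relabel a file only if its current type differs from the wanted one.
ensure_type() {
    want=$1
    file=$2
    have=$(context_type "$(stat -c %C "$file" 2>/dev/null)")
    if [ -z "$have" ]; then
        echo "cannot read SELinux context of $file" >&2
        return 1
    elif [ "$have" = "$want" ]; then
        echo "$file already has type $want"
    else
        echo "$file has type $have, changing to $want"
        chcon -t "$want" "$file"
    fi
}

# Usage on the affected host: ensure_type java_exec_t PATHTO/java
```

For the quoted log line, `avc_summary "$SAMPLE_AVC"` shows that the `java` process is both source and target in the `initrc_t` type.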
