java processbuilder and SELinux
Christoph Höger
choeger at cs.tu-berlin.de
Tue Aug 4 16:18:25 UTC 2009
Hi,
I found that (somehow quite old googling brought up fc3) issue on my f10
desktop:
I have a self compiled (proprietary - so no SELinux policy available)
program in my home dir. Running it via a terminal works fine. But
running from a java process (in that case eclipse) using a
ProcessBuilder returned:
cannot restore segment prot after reloc: Permission denied
I already thought that this was something SELinux related and I know
that the developers of that certain tool had no security in mind and I
stumbled about textrel_shlib_t and allow_execmod, and indeed
allow_execmod fixed that issue (I'll need to relabel soon). But two
things seem really weird to me:
1. from a normal terminal using bash I can start that prog. Why?
2. There is no audit message in audit.log (and I had no "SELinux
prevented..." popup) Is that a bug?
any suggestions on that? Bugzilla?
Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090804/9916a23c/attachment.sig>
More information about the fedora-selinux-list
mailing list