java processbuilder and SELinux

Christoph Höger choeger at cs.tu-berlin.de
Tue Aug 4 16:18:25 UTC 2009


Hi,

I found that (somehow quite old googling brought up fc3) issue on my f10
desktop:

I have a self compiled (proprietary - so no SELinux policy available)
program in my home dir. Running it via a terminal works fine. But
running from a java process (in that case eclipse) using a
ProcessBuilder returned:
	
	cannot restore segment prot after reloc: Permission denied

I already thought that this was something SELinux related and I know
that the developers of that certain tool had no security in mind and I
stumbled about textrel_shlib_t and allow_execmod, and indeed
allow_execmod fixed that issue (I'll need to relabel soon). But two
things seem really weird to me:

1. from a normal terminal using bash I can start that prog. Why? 

2. There is no audit message in audit.log (and I had no "SELinux
prevented..." popup) Is that a bug?

any suggestions on that? Bugzilla?

Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090804/9916a23c/attachment.sig>


More information about the fedora-selinux-list mailing list