How to get an SELinux policy change
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 5 20:20:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jerry James wrote:
> I'm working on getting GCL to run again. The current Debian patch
> (which is enormous) fixes most problems, but not the long-running
> SELinux problem that GCL has had. I took a hint from a thread on this
> list a couple of months ago. I let make run until it crashed due to a
> denied mprotect() call, did chcon -t java_exec_t on the binaries, and
> restarted the make. It completed successfully. I can patch the
> makefile to do the chcon call in the right place, but I'm worried
> about getting the right security context on installation now. First,
> is using java_exec_t in this way acceptable? Second, if so, how do I
> ask for Fedora's policy to reflect that: bugzilla, request on this
> list, some other list? Thanks,
You can get the context of the final destination of the file using
chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl
Which seems to be a fine way of doing. this.
Of course I am guessing that gcl is the name of the executable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkSAAoACgkQrlYvE4MpobMH5gCbBjXxGYUFEsELC3bi3dOwEXEy
TxcAoOs5vcMsDnUwHPmAZP05G/76273D
=tQE6
-----END PGP SIGNATURE-----
More information about the fedora-devel-list
mailing list