How to get an SELinux policy change
Jerry James
loganjerry at gmail.com
Thu Nov 6 00:44:16 UTC 2008
On Wed, Nov 5, 2008 at 1:20 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> You can get the context of the final destination of the file using
>
> chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl
>
> Which seems to be a fine way of doing. this.
So that tells me that it will have a type of bin_t. Due to the funny
stuff that GCL is doing on the heap, SELinux won't let it run. The
type java_exec_t is sufficiently lenient that GCL runs fine with that
type. Is it okay to abuse the name java_exec_t in this way? If so,
I'll bugzilla a request for the label change.
Thanks to everyone who responded.
--
Jerry James
http://loganjerry.googlepages.com/
More information about the fedora-devel-list
mailing list