Disable for java?

Daniel J Walsh dwalsh at redhat.com
Tue May 9 13:37:20 UTC 2006 

Fred Harris wrote:
> Thanks for replying.
>
> Bruno, I tried doing what you said, but had to use
> setsebool -P allow_execmem true ('true' instead of 'on')
>
> is that the same thing?  I think it was already enabled anyway. 
> The problem I'm getting is with message logging, not with
> enabling.
>
> Paul, the messages I'm getting are the following.  
> >>>
> May  4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc:  granted  { 
> execmem } for  pid=2159 comm="java" scontext=root:system_r:initrc_t:s0 
> tcontext=root:system_r:initrc_t:s0 tclass=process
> <<<
>
> Why would installing in other than /opt make a difference?  I used to 
> install in
> /usr/java, but Fedora says that /opt is where you should install a 
> comprehensive
> package like the JDK.  I purposely don't install the GNU JDK because there
> are lots of bugs in it I've found.
>
> How do you update to the latest policy for SELinux?  I yumed to the 
> latest Kernel.  I can't find a package for SELinux, though. 
>
> I think I'm not getting some very basic stuff about working with 
> SELinux.  It's pretty  confusing to me.  I've searched most of the 
> FAQs and explanations
> I can find on Google.  Is there a simple, good link that explains it 
> all?  For instance I have this basic question about whether or not you 
> can turn off
> monitoring for a specific application like java_home/bin/java.  It 
> seems to me that  something like that would be absolutely necessary 
> while apps get itup to speed with SELinux. 
>
>
> Thanks.
To update selinux policy you need to execute
yum upgrade selinux-policy
The latest policy should not be showing the "granted"s.

What is the context of the java executable

ls -lZ PATHTO/java

If it is not java_exec_t then do

chcon -t java_exec_t PATHTO/java

Dan



> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list