Hi,
in Rhel6 there was a SElinux-type called java_exec_t, so it was possible to use allow_execmem set to off but to run java without problems if it was labeled correctly.
In Rhel7 the type java_exec_t seems to have gone so setting deny_execmem leads to problems running java. But I don't want to set deny_execmem globally. Any idea how to achieve that?
Regards Tim
On 06/22/2015 08:48 AM, Tim.Einmahl@kba.de wrote:
Hi,
in Rhel6 there was a SElinux-type called java_exec_t, so it was possible to use allow_execmem set to off but to run java without problems if it was labeled correctly.
In Rhel7 the type java_exec_t seems to have gone so setting deny_execmem leads to problems running java. But I don't want to set deny_execmem globally. Any idea how to achieve that?
Regards Tim
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, we removed it. It did not make sense to confine java at all. You can turn this boolean on and add a local policy to make java working.
selinux@lists.fedoraproject.org