On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>
> SELinux blocks "confined" processes, but usually does not block the
> administrator who is running as unconfined_t, and is allowed to do everything
> he could do if SELinux was disabled.
>
> Confined processes are targeted to system services. Stuff that is started at
> boot versus processes started by a logged in user.
Is there a way to configure things so tomcat or other java web
containers can unpack the war files used for code deployment and
compile/cache jsp code on the fly but not be able to write anything
else (like from the several instances of struts vulnerabilities)?
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
