Re: How to get an SELinux policy change


On Wed, 5 Nov 2008 17:44:16 -0700, you wrote:

>So that tells me that it will have a type of bin_t.  Due to the funny
>stuff that GCL is doing on the heap, SELinux won't let it run.  The
>type java_exec_t is sufficiently lenient that GCL runs fine with that
>type.  Is it okay to abuse the name java_exec_t in this way?  If so,
>I'll bugzilla a request for the label change.

Because you wrote that all works fine if you label
/usr/bin/gcl with java_exec_t, I will suggest the following:

Install the selinux-policy source rpm on your system and run
rpmbuild -bp to get the sources of the SELinux reference
policy.

From this you should search for the following files:

java.fc
java.if
java.te

From these files, you should create copies with the names:

gcl.fc
gcl.if
gcl.te

Now you should rename any occurrence of 'java' to 'gcl'.

Finally, you should assign the label 'gcl_exec_t' to
/usr/bin/gcl in the gcl.fc file.

Now you should be able to create an SELinux module which should
fix your reported mprotect-SELinux issue.

Best Regards:

Jochen Schmitt


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
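
The copy-and-rename steps from the message above, as an added shell example (not part of the original post and not code from the Fedora policy sources). The helper names and the tiny sample files are constructed for illustration, and the build and install commands in the comments are an assumption about how the resulting module would be compiled and loaded.

```shell
#!/bin/sh
# Added example: derive gcl.{fc,if,te} from copies of java.{fc,if,te}.
# On a real system the surrounding steps would be (not run here):
#   rpmbuild -bp <selinux-policy spec file>   # unpack the reference policy
#   make -f /usr/share/selinux/devel/Makefile gcl.pp
#   semodule -i gcl.pp && restorecon -v /usr/bin/gcl

# make_gcl_module SRC_DIR OUT_DIR   (hypothetical helper name)
make_gcl_module() {
    src=$1
    out=$2
    mkdir -p "$out" || return 1
    for ext in fc if te; do
        [ -f "$src/java.$ext" ] || {
            echo "missing $src/java.$ext" >&2
            return 1
        }
        # Copy the file and rename every occurrence of 'java' to 'gcl'.
        sed 's/java/gcl/g' "$src/java.$ext" > "$out/gcl.$ext" || return 1
    done
    # Ensure /usr/bin/gcl is labelled gcl_exec_t in gcl.fc (append once).
    if ! grep -q '^/usr/bin/gcl[[:space:]].*gcl_exec_t' "$out/gcl.fc"; then
        printf '%s\t--\t%s\n' /usr/bin/gcl \
            'gen_context(system_u:object_r:gcl_exec_t,s0)' >> "$out/gcl.fc"
    fi
}

# Constructed stand-ins for the three java policy files; the real files
# from the reference policy are much larger.
write_sample_sources() {
    mkdir -p "$1" || return 1
    printf '%s\n' 'policy_module(java, 1.0.0)' 'type java_t;' \
        'type java_exec_t;' > "$1/java.te"
    printf '%s\n' '## <summary>java (constructed sample)</summary>' \
        > "$1/java.if"
    printf '%s\t--\t%s\n' /opt/java/bin/java \
        'gen_context(system_u:object_r:java_exec_t,s0)' > "$1/java.fc"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
write_sample_sources "$demo_dir/src"
make_gcl_module "$demo_dir/src" "$demo_dir/out" && cat "$demo_dir/out/gcl.fc"
rm -rf "$demo_dir"
```

Because the rename is applied to every occurrence, path entries copied from java.fc are rewritten too, so the generated gcl.fc is worth reading before the module is built.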
