-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jochen Schmitt schrieb: > On Wed, 5 Nov 2008 17:44:16 -0700, you wrote: > >> So that tells me that it will have a type of bin_t. Due to the >> funny stuff that GCL is doing on the heap, SELinux won't let it >> run. The type java_exec_t is sufficiently lenient that GCL runs >> fine with that type. Is it okay to abuse the name java_exec_t in >> this way? If so, I'll bugzilla a request for the label change. > > Because you wrote, that all works fine, if you are labeled > /usr/bin/gcl with java_exec_t. I will suggest the following: > > Installing the selinux-policy soruce rpm on your system and make a > rpmbuild -bp to get the sources of the SELinux reference policy. > > - From this you should search for the following files: > > Java.fc java.if java.te > > Fromt this files, you should create copies with the names: > > gcl.fc gcl.if gcl.te > > Now you should rename any occurence of 'java' into 'gcl'. > > At last you should assigned the lable 'gcl_exec_t' to /usr/bin/gcl > into the gcl.fc file. > > Now you should be abled to create a SELinux module which should fix > your reported mprotect-SELinux issue. > > Best Regards: > > Jochen Schmitt > I have try to create a SELinux module which I have uploaded to: http://www.herr-schmitt.de/pub/gcl/gcl.tar.gz I home this may be helpful for the original poster. Best Regards: Jochen Schmitt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkkTO0IACgkQT2AHK6txfgylPgCggxAf+9CYR7k+CnJwxrKbWwBO I8kAn3Gd8aJSqiJVP/xPNyNBLsb631XS =frGz -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
