Fred Harris wrote:
Thanks for replying.
Bruno, I tried doing what you said, but had to use
setsebool -P allow_execmem true ('true' instead of 'on')
is that the same thing? I think it was already enabled anyway.
The problem I'm getting is with message logging, not with
enabling.
Paul, the messages I'm getting are the following.
>>>
May 4 16:50:32 bd1 kernel: audit(1146786631.723:22): avc: granted {
execmem } for pid=2159 comm="java" scontext=root:system_r:initrc_t:s0
tcontext=root:system_r:initrc_t:s0 tclass=process
<<<
Why would installing in other than /opt make a difference? I used to
install in
/usr/java, but Fedora says that /opt is where you should install a
comprehensive
package like the JDK. I purposely don't install the GNU JDK because there
are lots of bugs in it I've found.
How do you update to the latest policy for SELinux? I yumed to the
latest Kernel. I can't find a package for SELinux, though.
I think I'm not getting some very basic stuff about working with
SELinux. It's pretty confusing to me. I've searched most of the
FAQs and explanations
I can find on Google. Is there a simple, good link that explains it
all? For instance I have this basic question about whether or not you
can turn off
monitoring for a specific application like java_home/bin/java. It
seems to me that something like that would be absolutely necessary
while apps get itup to speed with SELinux.
Thanks.
To update selinux policy you need to execute
yum upgrade selinux-policy
The latest policy should not be showing the "granted"s.
What is the context of the java executable
ls -lZ PATHTO/java
If it is not java_exec_t then do
chcon -t java_exec_t PATHTO/java
Dan
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
