Re: sellinux line command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Fred J. wrote:
>
> Paul Howarth wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
>> Hi
>> while following the stops to install JRE as per
>> http://stanton-finley.net/fedora_core_5_installation_notes.html
>>
>>
>> the instruction which says:
>> If you have not already done so go to "System" > "Administration" >
>> "Security Level and Firewall". Enter your root password and click
>> "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on
>> "Compatibility" to open it and tick the check box next to "Allow the
>> use of shared libraries with Text Relocation". Click "ok". Reboot your
>> machine to implement the new SELinux policy.
>>
>> I don't have kde or gnome and neither of the following seams to match
>> what the article is talking about.
>> # system-config-securitylevel
>> # system-config-securitylevel-tui
>
> This action sets the allow_execmod SELinux boolean. You could do that
> from the command line without using system-config-securitylevel as
> follows:
>
> # setsebool -P allow_execmod 1
>
> There is no need to reboot after doing this.
>
> However, this is not the best way of solving the problem, as it relaxes
> security much more than necessary. A better way would be to set the
> SElinux context type of the java libraries to textrel_shlib_t, which
> would have the same effect but only for those particular libraries.
>
> Paul.
>
> does this mean that I should ignore the step in the instruction which talks about
> "Allow the use of shared libraries with Text Relocation".
> and go ahead with the rest of the steps as listed here
> http://stanton-finley.net/fedora_core_5_installation_notes.html under Java and then go back and set the SElinux context type of the java libraries to textrel_shlib_t. ?

Yes, you could do it that way.

However, I think a better way, from both a system maintenance and
SELinux point of view, would be to use the JPackage RPMs. You need to
build these yourself due to the way Sun license Java, and this may
appear at first to be a daunting prospect, but it's not difficult
really. See: http://www.city-fan.org/tips/JpackageJava

Installing Java using the JPackage RPMs will get all of the SELinux
contexts set correctly "out of the box" and the software will be managed
by RPM, just like all the other software on the system. It really is the
best way IMHO.

Paul.
Paul
thanks alot
after going through the link I now have it.
[fred@localhost i586]$ java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing)
[fred@localhost i586]$ cd /usr/lib/mozilla/plugins/
[fred@localhost plugins]$ ls
[fred@localhost plugins]$ ls -a
.  ..
[fred@localhost plugins]$ sudo ln -s ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so .
Password:
[fred@localhost plugins]$ ls -l
total 4
lrwxrwxrwx 1 root root 62 Oct  4 03:46 libjavaplugin_oji.so -> ../../../lib/jvm/java/jre/plugin/i386/ns7/libjavaplugin_oji.so

however when I restart firefox, and go to a suitable page, it still asks to install a plugin JRE.


Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux