On Wed, 2010-07-14 at 16:46 +0200, giovanni testing wrote:
> Hi everyone,
>
> I have to run two different Java programs, with different permissions
> (they access different files and listen to different ports).
> Is there some way to specify different rules even though they share the same
> executable (Java)?
>
> I'm thinking of one possibility, but I think that is not possible:
> -If you come from unconfined_t and run MyPolice_exec_t (java), the
> transition goes to MyPoliceA_t
> -If you come from user_t and run MyPolic_exec_t(java), the transition
> goes to MyPoliceB_t

That is possible, but you don't want to label java itself with
MyPolice_exec_t. Instead, create a wrapper that invokes java with the
right arguments, and label it with MyPolice_exec_t.

You can also use runcon -t to launch a program in a particular domain
type if the caller is authorized to do so, e.g.
runcon -t MyPolice_t java ...

--
Stephen Smalley
National Security Agency
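
The wrapper-plus-transition arrangement discussed in this message, written as a reference-policy module. This is an added example, not part of the original message or of any shipped policy. Assumptions: the refpolicy macros (`policy_module`, `application_domain`, `domtrans_pattern`, `can_exec`, `corecmd_exec_shell`) and the `java_exec_t` type are available from the installed policy development files; the module name `mypolice` and the wrapper path in the comments are hypothetical.

```selinux
policy_module(mypolice, 1.0.0)

# Types and roles that already exist in the base policy.
require {
	type unconfined_t;
	type user_t;
	type java_exec_t;	# assumed: label of the java binary in the installed policy
	role unconfined_r;
	role user_r;
}

# One entry-point type for the wrapper script, one domain per Java program.
type MyPolice_exec_t;
type MyPoliceA_t;
type MyPoliceB_t;
application_domain(MyPoliceA_t, MyPolice_exec_t)
application_domain(MyPoliceB_t, MyPolice_exec_t)

# The same wrapper label leads to a different domain depending on the caller.
# Each (source domain, entry-point type) pair may have only one default target.
domtrans_pattern(unconfined_t, MyPolice_exec_t, MyPoliceA_t)
domtrans_pattern(user_t, MyPolice_exec_t, MyPoliceB_t)

# A role must be authorized for every domain its processes can enter,
# otherwise the resulting context is invalid and the exec fails.
role unconfined_r types MyPoliceA_t;
role user_r types MyPoliceB_t;

# The wrapper is a shell script that execs java, so each domain runs the
# shell and the java binary without a further transition. java itself keeps
# its stock label and is never an entry point into these domains.
corecmd_exec_shell(MyPoliceA_t)
corecmd_exec_shell(MyPoliceB_t)
can_exec(MyPoliceA_t, java_exec_t)
can_exec(MyPoliceB_t, java_exec_t)

# Per-program file and port rules go here, separately for MyPoliceA_t and
# MyPoliceB_t; the message does not list them, so none are invented.

# Matching file-context entry (mypolice.fc), hypothetical wrapper path:
#   /usr/local/bin/mypolice-wrapper  --  gen_context(system_u:object_r:MyPolice_exec_t,s0)
```

After loading the module and relabeling the wrapper, `ps -eZ` shows which domain each Java process ended up in, which confirms that the transition followed the caller's domain.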