I'm trying runcon, but it throws "Permission denied" and no AVC appears (I don't know how to fix it).
This happens when running the command "runcon -t MyPolicy_t nano" (nano is executed to make it easier to probe the file permissions of the policy: try to open files of MyPolicy and verify that they are read-only, read-write, or not accessible).
What should I do to fix it?
Thank you again
2010/7/14 Stephen Smalley <sds@xxxxxxxxxxxxx>
On Wed, 2010-07-14 at 16:46 +0200, giovanni testing wrote:
> Hi everyone,
>
> I have to run two different Java programs, with different permissions
> (they access different files and listen to different ports).
> Is there some way to specify different rules even though they share the same
> executable (Java)?
>
> I'm thinking of one possibility, but I think that is not possible:
> -If you come from unconfined_t and run MyPolice_exec_t (java), the
> transition goes to MyPoliceA_t
> -If you come from user_t and run MyPolic_exec_t(java), the transition
> goes to MyPoliceB_t

That is possible, but you don't want to label java itself with
MyPolice_exec_t. Instead, create a wrapper that invokes java with the
right arguments, and label it with MyPolice_exec_t.
You can also use runcon -t to launch a program in a particular domain
type if the caller is authorized to do so, e.g.
runcon -t MyPolice_t java ...
--
Stephen Smalley
National Security Agency
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
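
Added example, not part of the original thread or written by its authors: a reference-policy style module for the wrapper approach described in the reply, with one wrapper script per Java program, each carrying its own entrypoint type. The module name, the types MyPoliceA_exec_t and MyPoliceB_exec_t, the wrapper paths, and the assumption that the JVM binary is labeled java_exec_t are all assumptions.

```selinux
policy_module(mypolice, 1.0.0)

gen_require(`
	type unconfined_t, java_exec_t;
	role unconfined_r;
')

# One domain and one entrypoint type per wrapper script (names assumed).
type MyPoliceA_t;
type MyPoliceA_exec_t;
application_domain(MyPoliceA_t, MyPoliceA_exec_t)

type MyPoliceB_t;
type MyPoliceB_exec_t;
application_domain(MyPoliceB_t, MyPoliceB_exec_t)

# The caller's role must be authorized for the new domain types.
role unconfined_r types { MyPoliceA_t MyPoliceB_t };

# Executing a wrapper from unconfined_t transitions into its domain.
domtrans_pattern(unconfined_t, MyPoliceA_exec_t, MyPoliceA_t)
domtrans_pattern(unconfined_t, MyPoliceB_exec_t, MyPoliceB_t)

# Each wrapper is a shell script that runs java without a further
# transition, so the JVM stays in the wrapper's domain.
corecmd_exec_shell(MyPoliceA_t)
corecmd_exec_shell(MyPoliceB_t)
can_exec(MyPoliceA_t, java_exec_t)
can_exec(MyPoliceB_t, java_exec_t)

# mypolice.fc, labeling the wrappers rather than java itself (paths assumed):
# /usr/local/bin/programA  --  gen_context(system_u:object_r:MyPoliceA_exec_t,s0)
# /usr/local/bin/programB  --  gen_context(system_u:object_r:MyPoliceB_exec_t,s0)
```

The file and port rules that distinguish the two programs are then written separately against MyPoliceA_t and MyPoliceB_t; the thread does not give them.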