On 06/22/2015 08:48 AM, Tim.Einmahl@xxxxxx wrote: > Hi, > > in Rhel6 there was a SElinux-type called java_exec_t, so it was possible to use allow_execmem set to off but to run java without problems if it was labeled correctly. > > In Rhel7 the type java_exec_t seems to have gone so setting deny_execmem leads to problems running java. But I don't want to set deny_execmem globally. > Any idea how to achieve that? > > > Regards > Tim > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > Yes, we removed it. It did not make sense to confine java at all. You can turn this boolean on and add a local policy to make java working. -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
