On 05/23/2017 05:00 PM, Manuel
Wolfshant wrote:
On 24 May 2017
02:51:11 EEST, Bill D <littus@xxxxxxxxxx>
wrote:
Greetings:
I have been trying to figure out how to control the execution
of Java
JAR files with SELinux RBAC.
I have two Linux users named joe and mary and two Java JAR
files named
jack.jar and mary.jar.
Here is how jack executes jack.jar: java -jar jack.jar
Here is how mary executes mary.jar: java -jar mary.jar
I would like SELinux RBAC to prevent jack from executing
mary.jar and
prevent mary from executing jack.jar.
Leaving a bit aside the original question (to which I want to
learn the answer as well), may I ask why isn't something like :
chown jack jack.jar
chown mary mary.jar
chmod 700 jack.jar
chmod 700 mary.jar
suitable for your use case ?
Indeed, I am aware of this approach. However, that scheme is the
DAC (discretionary access control) solution which is not ideal for
my case. I am more interested in the MAC (mandatory access
control) solution (thus SELinux RBAC). Thanks! -Bill
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
