On Sun, 2005-04-03 at 19:54 -0700, Anthony Green wrote:
> On Sun, 2005-04-03 at 21:29 +0200, Roger Grosswiler wrote:
> > Since there is a kind of Java-Support with GCJ in FC4T1, shouldn't we
> > better use this??? If yes, how to?
>
> See gcjwebplugin: http://www.nongnu.org/gcjwebplugin/
>
> The big problem with this today is that gcj has known problems with its
> sandbox security implementation. We need to fix those problems and do a
> full audit of libgcj before it makes sense to package gcjwebplugin.
>
> I'm not fully aware of SELinux's capabilities yet, but I wonder if it's
> possible to sandbox our current libgcj for gcjwebplugin by writing
> strict SELinux policy. Does anybody know?

Depends on the desired granularity of protection and the extent to which
the current architecture uses separate processes and exec-based
transitions (although the latter is less of a constraint now that
SELinux supports dynamic context transitions, I suppose).

Ultimately, you want a SELinux-aware jvm that uses the SELinux API to
get policy decisions and apply them to its internal resources for
finer-grained control as well as using the SELinux kernel controls to
confine the entire process.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
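
The two transition styles mentioned in the reply above, as an added type-enforcement sketch that is not part of the original thread and not any project's shipped policy. All type names (browser_t, gcjplugin_t, gcjplugin_exec_t, gcjplugin_cache_t) are hypothetical, and the sketch covers only kernel-side confinement of the whole process, not policy queries made from inside the JVM.

```selinux
# Constructed example: every type name here is hypothetical.
# Assumes the object classes and permissions of a standard SELinux policy;
# attribute assignments (domain, file type) and role rules are omitted.

type browser_t;            # domain of the browser process
type gcjplugin_t;          # confined domain for the plugin and libgcj code
type gcjplugin_exec_t;     # label on the plugin launcher binary
type gcjplugin_cache_t;    # label on the plugin's private cache directory

# Option 1: exec-based transition.
# Requires the plugin to run as a separate process, started by execve()
# of a file labelled gcjplugin_exec_t.
type_transition browser_t gcjplugin_exec_t:process gcjplugin_t;
allow browser_t gcjplugin_exec_t:file { getattr read execute };
allow browser_t gcjplugin_t:process transition;
allow gcjplugin_t gcjplugin_exec_t:file entrypoint;

# Option 2: dynamic context transition.
# The process changes its own context with setcon(3) before it runs
# untrusted code, so no exec is needed.
allow browser_t self:process setcurrent;
allow browser_t gcjplugin_t:process dyntransition;

# What the confined domain may touch. Anything without an allow rule
# is denied by the kernel, whatever the sandbox inside libgcj decides.
allow gcjplugin_t gcjplugin_cache_t:dir { search read write add_name remove_name };
allow gcjplugin_t gcjplugin_cache_t:file { create getattr read write unlink };
```

With option 2 the untrusted code still shares an address space with everything else in the process, so the kernel checks apply to the process as a whole and per-applet distinctions have to come from checks made inside the JVM.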