Hi Gents, We have spent the last two weeks on creating selinux-modules for jboss and a custom-made jbossjava-module. I've attached the files to this message. We would like you guys to take a look at our modules and tell us what we did wrong. For instance we didn't use real domain-transitions (at least we didn't use real domtrans()) to give jbossjava access to myjboss, do we have to? Or is the way we work sufficient? It is possible that we made some of the rules to coarse, if that's the case, please let us know how we can make them better. This is our first attempt to write a module and let it checked upstream but that doesn't mean you have to be mild to us! At the moment we use the (selinux)-user ejbca because in our current system we are running ejbca on top of jboss, but we are changing it this week to run as jboss. Please sent changes as real patches so we can patch our source-code! With regards, Ronald van den Blink
Attachment:
jbossjava.fc
Description: Binary data
Attachment:
jbossjava.if
Description: Binary data
Attachment:
jbossjava.te
Description: Binary data
Attachment:
myjboss.fc
Description: Binary data
Attachment:
myjboss.if
Description: Binary data
Attachment:
myjboss.te
Description: Binary data
