Umm, how's the easiest way to permit that one? Do I need to create a local policy or can I just use a command line? Sorry I am really a newbie. :)
I am using javac 1.8.0_65. It is the same version for the "java" program.
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) Client VM (build 25.65-b01, mixed mode)
On Mon, Apr 3, 2017 at 7:52 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote:
On Tue, 4 Apr 2017 12:35:47 PM Rahmadi Trimananda wrote:
> I have more error messages from /var/log/audit/audit.log if this is of any
> use for you. And yeah, it works in permissive mode (sudo setenforce 0).
> BTW, what do you mean by "run javac in strace"?
>
> iotuser@raspberrypi:~/policy $ sudo cat /var/log/audit/audit.log | grep
> javac
> type=AVC msg=audit(1491260813.624:793): avc: denied { mmap_zero } for
> pid=1656 comm="javac"
> scontext=unconfined_u:unconfined_r:unconfined_t:s0- Try permitting that one and see if it changes things. What version of javacs0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0- s0:c0.c1023
> tclass=memprotect permissive=0
are you using? Is it an old version?
Also when posting such things to the list please include the output of
auditallow as well as the raw AVC messages whenever you send more than 2-3
entries. When your MUA wraps the lines the result isn't accepted by
audit2allow and that makes it less convenient for us to process your messages
(usually audit2allow output is more useful than reading raw AVC log entries).
If there is only a single AVC message then we can all run audit2allow in our
heads. ;)
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
Kind regards,
Rahmadi Trimananda
Ph.D. student @ University of California, Irvine
"Stay hungry, stay foolish!" - Steve Jobs -
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
