On 06/22/2015 08:48 AM, Tim.Einmahl(a)kba.de wrote:
Hi,
in Rhel6 there was a SElinux-type called java_exec_t, so it was possible to use
allow_execmem set to off but to run java without problems if it was labeled correctly.
In Rhel7 the type java_exec_t seems to have gone so setting deny_execmem leads to
problems running java. But I don't want to set deny_execmem globally.
Any idea how to achieve that?
Regards
Tim
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, we removed it. It did not make sense to confine java at all. You
can turn this boolean on and add a local policy to make java working.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.