List: selinux
Subject: Re: writing a java policy file
From: Colin Walters <walters () verbum ! org>
Date: 2003-07-31 3:30:56
On Wed, 2003-07-30 at 22:02, Michael Luu wrote:
> hi all,
>
> i'm trying to set up a simple java policy whereby i only allow a specific
> user (in java_r role) to run a java (type java_t) application that
> communicates with a server (e.g., www.yahoo.com).

I think that java_t is a bad name for what you're doing. It seems to me
that you are writing a policy for a program which is implemented in
Java, not the JVM itself.

What you probably want to do is write up a macro like

    uses_java(foo_t)

that gives an application privileges to do everything that the JVM does
by default (i.e. using shared libraries, maybe mmapping /dev/zero,
whatever).

Then you should write a policy for your application, call it myapp_t,
and use the uses_java macro. The .fc file looks fine though.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
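
The layout suggested in the reply above, sketched as an added example; it is not from the original message or from the SELinux example policy. It assumes the uses_shlib, can_network and domain_auto_trans macros and the zero_device_t type of the example policy of that era; myapp_exec_t, java_user_t and the exact permission set are hypothetical.

```m4
# uses_java(domain): privileges the JVM needs no matter which Java
# program it is running. The rule set is an assumption based on the two
# items named in the reply; extend it from the AVC denials you observe.
define(`uses_java', `
# Map the shared libraries the JVM links against.
uses_shlib($1)
# Anonymous memory obtained by mmapping /dev/zero.
allow $1 zero_device_t:chr_file { getattr read write };
')

# Domain for the application itself, named after the program rather
# than after the language it is written in.
type myapp_t, domain;
type myapp_exec_t, file_type, exec_type;

# Only the java_r role may enter the application domain.
role java_r types myapp_t;

# Enter myapp_t when the domain of the java_r user executes the launcher.
# java_user_t is a hypothetical name for that login domain.
domain_auto_trans(java_user_t, myapp_exec_t, myapp_t)

# JVM baseline first, then what this application needs beyond it.
uses_java(myapp_t)
# Client connection to the remote server.
can_network(myapp_t)
```

Keeping the JVM baseline in the macro means a second Java program gets its own domain with a single uses_java call, and anything application-specific, such as network access, stays visible in that application's own policy.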