开发者

SELinux Prevents Java from Running

I recently installed Sun Java on a system with a fairly basic SELinux install on it.

I'm running Debian Etch and installed the Sun Java package from the non-free package repository.

Here are the error notices that appear in the syslog when I run java -version.

`Feb 9 14:02:40 dev kernel: audit(1265742160.570:4107): avc: denied { execmem } for pid=9882 comm="java" scon开发者_高级运维text=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process

Feb 9 14:02:40 dev kernel: audit(1265742160.578:4108): avc: denied { execmem } for pid=9882 comm="java" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process`

I've googled around and it seems that I need to create an SELinux policy that permits Java to perform operations that violate the execmem constraints. Is this a correct assumption? If so, how should I get started?

Updates:

I looked for and found a targeted policy aimed at handling Java. I installed it using the following command:

$ sudo semodule -i /usr/share/selinux/refpolicy-targeted/java.pp

This did not help, however. I continue to see identical audit messages in the syslog.


This guide: http://etbe.coker.com.au/2006/12/08/se-linux-on-debian-in-5-minutes/ and dgrift on #selinux clued me in on the correct solution.

# semodule -i /usr/share/selinux/refpolicy-targeted/java.pp
# restorecon -r -v /usr

There is a targeted policy available for Java that has to be applied using semodule. Once the policy is applied, restorecon has to be used to apply the policy to the Java binaries.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜