[selinux-policy: 2662/3172] Java patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:56:43 UTC 2010
commit 84940a099576b327380a9b319f611bdddc79ff06
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 14 10:40:59 2010 -0400
Java patch from Dan Walsh.
Additional java context
unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled
We want unconfined java apps to transition to rpm when they execute rpm_exec_t. To maintain proper labeling.
policy/modules/apps/java.fc | 4 ++++
policy/modules/apps/java.te | 10 +++++++++-
2 files changed, 13 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
index f91c9a5..86c1768 100644
--- a/policy/modules/apps/java.fc
+++ b/policy/modules/apps/java.fc
@@ -32,3 +32,7 @@
/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
+
+ifdef(`distro_redhat',`
+/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
+')
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 21f1665..76861e3 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -1,5 +1,5 @@
-policy_module(java, 2.2.1)
+policy_module(java, 2.2.2)
########################################
#
@@ -147,6 +147,14 @@ optional_policy(`
init_dbus_chat_script(unconfined_java_t)
+ files_execmod_all_files(unconfined_java_t)
+
+ init_dbus_chat_script(unconfined_java_t)
+
unconfined_domain_noaudit(unconfined_java_t)
unconfined_dbus_chat(unconfined_java_t)
+
+ optional_policy(`
+ rpm_domtrans(unconfined_java_t)
+ ')
')
More information about the scm-commits
mailing list