<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 02/09/2012 02:52 AM, Nabeel Moidu wrote:
<blockquote
cite="mid:CAKTAHSx3nfvq0TWSGJiRTOjjZnZKiQ3YmMc2P=wsXOWyLANMdQ@mail.gmail.com"
type="cite">Hi
<div><br>
</div>
<div>Is there a tomcat implementation of selinux where the process
runs in its own domain rather than unconfined_java_t ?</div>
<div><br>
</div>
<div>Are there any known issues with implementing java servers in
a confined domain ?</div>
<div><br>
</div>
<div>If not tomcat, can somebody point me to any other java server
(jetty/websphere etc) with a selinux implementation ?<br
clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Thanks and Regards,</div>
</div>
</blockquote>
What OS? <br>
<br>
tomcat should be running as initrc_t on RHEL6. We probably need this
also in Fedora. Basically this new domain would end up as an unconfined
domain, but you can start with writing policy using sepolgen tools.<br>
<br>
$ sepolgen -t 0 /usr/bin/tomcat<br>
$ sh tomcat.sh<br>
<br>
You probably will need to add<br>
<br>
java_domtrans(tomcat_t)<br>
<br>
to the tomcat.te policy file. Let me look at it also.<br>
<br>
<blockquote
cite="mid:CAKTAHSx3nfvq0TWSGJiRTOjjZnZKiQ3YmMc2P=wsXOWyLANMdQ@mail.gmail.com"
type="cite">
<div>
<div dir="ltr">
<br>
Nabeel Moidu<br>
Hyderabad, India</div>
<br>
</div>
<br>
<br>
<pre wrap="">--
selinux mailing list
<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
<br>
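A check for the outcome of the steps in the reply above, added here as an example and not part of the original thread: it reads `ps -eZ` output and reports whether each java process runs in the expected domain or is still in one of the generic domains named in the thread (initrc_t, unconfined_java_t). The sample lines are constructed, and the function names and status labels are assumptions of this example.

```shell
#!/bin/sh
# Classify the SELinux domain of java processes from `ps -eZ` output.
# Expected line layout: LABEL PID TTY TIME CMD, LABEL = user:role:type:level

# Constructed sample input, not captured from a real host.
SAMPLE_PS='system_u:system_r:initrc_t:s0 1412 ? 00:01:10 java
system_u:system_r:tomcat_t:s0 2290 ? 00:00:42 java
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 3051 pts/0 00:00:03 java
system_u:system_r:sshd_t:s0-s0:c0.c1023 901 ? 00:00:00 sshd'

# check_java_domains EXPECTED_TYPE  (hypothetical helper)
# Reads ps -eZ lines on stdin and prints one line per java process:
#   OK        the process runs in EXPECTED_TYPE
#   FALLBACK  the process runs in initrc_t or unconfined_java_t
#   OTHER     any other domain
check_java_domains() {
    expected="$1"
    awk -v want="$expected" '
        $NF == "java" {
            split($1, ctx, ":")        # ctx[3] is the type (domain)
            dom = ctx[3]
            if (dom == want)
                status = "OK"
            else if (dom == "initrc_t" || dom == "unconfined_java_t")
                status = "FALLBACK"
            else
                status = "OTHER"
            printf "%s pid=%s type=%s\n", status, $2, dom
        }'
}

# count_fallback EXPECTED_TYPE  (hypothetical helper)
# Prints how many java processes are still in a generic domain.
count_fallback() {
    check_java_domains "$1" | grep -c '^FALLBACK' || true
}

# Run against the constructed sample, expecting the tomcat_t domain
# that the sepolgen-generated policy in the reply would define.
printf '%s\n' "$SAMPLE_PS" | check_java_domains tomcat_t
```

On a live host, feed it real output instead: `ps -eZ | check_java_domains tomcat_t`.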
</body>
</html>