On 05/23/2017 05:00 PM, Manuel Wolfshant wrote:
On 24 May 2017 02:51:11 EEST, Bill D <littus(a)icloud.com>
wrote:
> Greetings:
>
> I have been trying to figure out how to control the execution of Java
> JAR files with SELinux RBAC.
>
> I have two Linux users named joe and mary and two Java JAR files named
> jack.jar and mary.jar.
>
> Here is how jack executes jack.jar: java -jar jack.jar
>
> Here is how mary executes mary.jar: java -jar mary.jar
>
> I would like SELinux RBAC to prevent jack from executing mary.jar and
> prevent mary from executing jack.jar.
>
Leaving a bit aside the original question (to which I want to learn
the answer as well), may I ask why isn't something like :
chown jack jack.jar
chown mary mary.jar
chmod 700 jack.jar
chmod 700 mary.jar
suitable for your use case ?
Indeed, I am aware of this approach. However, that scheme is the DAC
(discretionary access control) solution which is not ideal for my case.
I am more interested in the MAC (mandatory access control) solution
(thus SELinux RBAC). Thanks! -Bill
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org