On 24 May 2017 02:51:11 EEST, Bill D <littus(a)icloud.com> wrote:
Greetings:
I have been trying to figure out how to control the execution of Java
JAR files with SELinux RBAC.
I have two Linux users named joe and mary and two Java JAR files named
jack.jar and mary.jar.
Here is how jack executes jack.jar: java -jar jack.jar
Here is how mary executes mary.jar: java -jar mary.jar
I would like SELinux RBAC to prevent jack from executing mary.jar and
prevent mary from executing jack.jar.
Leaving a bit aside the original question (to which I want to learn the answer as
well), may I ask why isn't something like :
chown jack jack.jar
chown mary mary.jar
chmod 700 jack.jar
chmod 700 mary.jar
suitable for your use case ?