Feedback on Java applet functionality?
Paul Howarth
paul at city-fan.org
Fri Aug 11 20:18:35 UTC 2006
On Sat, 2006-08-12 at 01:43 +0530, Rahul wrote:
> Louis Garcia II wrote:
> >> Hi
> >>
> >> I was expecting to some comments on whether this feature works well in
> >> Fedora Core 6 test 2 and the current development tree. Anyone tried it
> >> out with the applets in the wild?
> >>
> >> Rahul
> >
> > When I visited a page with an applet it froze firefox. I looked in the logs and saw this:
> >
> > Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc: denied { execmem } for pid=3198 comm="gappletviewer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> >
> > What component does this fall under? Should it be selinux?
> >
>
> Yes. Please file a bug report against SELinux. GCJ applet viewer
> probably should be fixed in the future to not require execmem
> permissions but meanwhile the SELinux targeted policy can be modified to
> allow this.
>
> You can do setsebool -P allow_execmom=1 and see if you are able to
> workaround this for now.
Wouldn't it be better to do:
# chcon -t unconfined_execmem_exec_t /path/to/gappletviewer
Paul.
More information about the devel
mailing list