Feedback on Java applet functionality?

Paul Howarth paul at city-fan.org
Fri Aug 11 20:18:35 UTC 2006


On Sat, 2006-08-12 at 01:43 +0530, Rahul wrote:
> Louis Garcia II wrote:
> >> Hi
> >>
> >> I was expecting some comments on whether this feature works well in
> >> Fedora Core 6 test 2 and the current development tree. Anyone tried it
> >> out with the applets in the wild?
> >>
> >> Rahul
> > 
> > When I visited a page with an applet it froze Firefox. I looked in the logs and saw this:
> > 
> > Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc:  denied  { execmem } for  pid=3198 comm="gappletviewer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> > 
> > What component does this fall under? Should it be selinux?
> > 
> 
> Yes. Please file a bug report against SELinux. GCJ applet viewer 
> probably should be fixed in the future to not require execmem 
> permissions but meanwhile the SELinux targeted policy can be modified to 
> allow this.
> 
> You can do setsebool -P allow_execmem=1 and see if you are able to 
> work around this for now.

Wouldn't it be better to do:

# chcon -t unconfined_execmem_exec_t /path/to/gappletviewer

Paul.
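
An added example, not part of the thread: a small parser for the AVC record quoted above that lists which commands were denied execmem and in which domain, which is the information needed to choose between relabelling one binary with chcon and turning on the policy-wide boolean. The function names parse_avc and execmem_offenders are hypothetical, and the sample line is the one from the message.

```python
import re
from datetime import datetime, timezone

# Sample input: the denial quoted in the thread, embedded so this runs offline.
SAMPLE = ('Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc:  '
          'denied  { execmem } for  pid=3198 comm="gappletviewer" '
          'scontext=user_u:system_r:unconfined_t:s0 '
          'tcontext=user_u:system_r:unconfined_t:s0 tclass=process')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC audit line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time'] = datetime.fromtimestamp(int(m.group('epoch')), tz=timezone.utc)
    # A context is user:role:type[:level]; the type field is the policy domain.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def execmem_offenders(lines):
    """Map each command name to the domains in which it was denied execmem."""
    offenders = {}
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec['result'] == 'denied'
                and rec.get('tclass') == 'process' and 'execmem' in rec['perms']):
            offenders.setdefault(rec['comm'], set()).add(rec['source_type'])
    return offenders


if __name__ == '__main__':
    print(execmem_offenders([SAMPLE]))
```

A result naming a single command in unconfined_t is the case the per-file label covers, whereas the boolean changes the answer for every process the policy applies it to.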



