Feedback on Java applet functionality?
Rahul
sundaram at fedoraproject.org
Fri Aug 11 20:46:01 UTC 2006
Paul Howarth wrote:
> On Sat, 2006-08-12 at 01:43 +0530, Rahul wrote:
>> Louis Garcia II wrote:
>>>> Hi
>>>>
>>>> I was expecting to some comments on whether this feature works well in
>>>> Fedora Core 6 test 2 and the current development tree. Anyone tried it
>>>> out with the applets in the wild?
>>>>
>>>> Rahul
>>> When I visited a page with an applet it froze firefox. I looked in the logs and saw this:
>>>
>>> Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc: denied { execmem } for pid=3198 comm="gappletviewer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>>>
>>> What component does this fall under? Should it be selinux?
>>>
>> Yes. Please file a bug report against SELinux. GCJ applet viewer
>> probably should be fixed in the future to not require execmem
>> permissions but meanwhile the SELinux targeted policy can be modified to
>> allow this.
>>
>> You can do setsebool -P allow_execmom=1 and see if you are able to
>> workaround this for now.
>
> Wouldn't it be better to do:
>
> # chcon -t unconfined_execmem_exec_t /path/to/gappletviewer
>
> Paul.
Yes. If you want to do it only on that application instead of disabling
the checks on every program, thats a better way to do it. However I am
not running the applet viewer or the test releases now so my earlier
instructions are simpler to follow.
Rahul
More information about the devel
mailing list