sellinux line command

[Fred J.]

Paul Howarth <paul at city-fan.org> wrote: On Mon, 2006-10-02 at 00:13 -0700, Fred J. wrote:
> Hi
> while following the stops to install JRE as per
> http://stanton-finley.net/fedora_core_5_installation_notes.html
> 
> 
> the instruction which says:
> If you have not already done so go to "System" > "Administration" >
> "Security Level and Firewall". Enter your root password and click
> "ok". On the "SELinux" tab click on "Modify SELinux Policy", click on
> "Compatibility" to open it and tick the check box next to "Allow the
> use of shared libraries with Text Relocation". Click "ok". Reboot your
> machine to implement the new SELinux policy.
> 
> I don't have kde or gnome and neither of the following seams to match
> what the article is talking about.
> # system-config-securitylevel
> # system-config-securitylevel-tui

This action sets the allow_execmod SELinux boolean. You could do that
from the command line without using system-config-securitylevel as
follows:

# setsebool -P allow_execmod 1

There is no need to reboot after doing this.

However, this is not the best way of solving the problem, as it relaxes
security much more than necessary. A better way would be to set the
SElinux context type of the java libraries to textrel_shlib_t, which
would have the same effect but only for those particular libraries.

Paul.

does this mean that I should ignore the step in the instruction which talks about 
"Allow the use of shared libraries with Text Relocation".
and go ahead with the rest of the steps as listed here
http://stanton-finley.net/fedora_core_5_installation_notes.html under Java and then go back and set the SElinux context type of the java libraries to textrel_shlib_t. ?

 		
---------------------------------
Do you Yahoo!?
 Everyone is raving about the  all-new Yahoo! Mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20061002/337e7452/attachment.html