Two different Java programs on same machine

giovanni testing giovannitesting at gmail.com
Wed Jul 14 15:47:24 UTC 2010


Thank you for replying so fast.

I'm trying runcon but it throws "Permission denied" and no AVC appears (I don't
know how to fix it).

This happens when applying the command "runcon -t MyPolicy_t nano" (nano is
executed to make easier the task of probing the file permissions of the policy
(trying to open files of MyPolicy and verifying that they are read-only, read and
write, or not accessible)).

What should I do to fix it?

Thank you again

2010/7/14 Stephen Smalley <sds at tycho.nsa.gov>

> On Wed, 2010-07-14 at 16:46 +0200, giovanni testing wrote:
> > Hi everyone,
> >
> > I have to run two different Java programs, with different permissions
> > (they access different files and listen to different ports).
> > Is there some way to specify different rules even though they share the same
> > executable (Java)?
> >
> > I'm thinking of one possibility, but I think that is not possible:
> > -If you come from unconfined_t and run MyPolice_exec_t (java), the
> > transition goes to MyPoliceA_t
> > -If you come from user_t and run MyPolic_exec_t(java), the transition
> > goes to MyPoliceB_t
>
> That is possible, but you don't want to label java itself with
> MyPolice_exec_t.  Instead, create a wrapper that invokes java with the
> right arguments, and label it with MyPolice_exec_t.
>
> You can also use runcon -t to launch a program in a particular domain
> type if the caller is authorized to do so, e.g.
>        runcon -t MyPolice_t java ...
>
> --
> Stephen Smalley
> National Security Agency
>
>
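The arrangement discussed in this thread, written as a reference-policy module (an added example, not code from either poster): one entrypoint type on a wrapper script, with the target domain chosen by the calling domain. The module name, the wrapper path in the comment, and the pairing of roles to domains are assumptions; the type names are the ones used in the thread. Rules granting each domain its own files, ports, and the ability to run the shell and java are outside what this module covers.

```selinux
policy_module(mypolice, 1.0.0)

# Types and roles defined elsewhere in the loaded policy.
require {
	type unconfined_t;
	type user_t;
	role unconfined_r;
	role user_r;
}

# Entrypoint type for the wrapper script. The java binary keeps its
# normal label, so other users of java are not affected.
# Hypothetical file context entry (goes in mypolice.fc):
#   /usr/local/bin/mypolice-wrapper -- gen_context(system_u:object_r:MyPolice_exec_t,s0)
type MyPolice_exec_t;

# Two separate domains, each to be given its own file and port rules.
type MyPoliceA_t;
type MyPoliceB_t;
domain_type(MyPoliceA_t)
domain_type(MyPoliceB_t)

# Both domains may be entered through the same labelled wrapper.
domain_entry_file(MyPoliceA_t, MyPolice_exec_t)
domain_entry_file(MyPoliceB_t, MyPolice_exec_t)

# A process context is only valid if its role is authorized for its type.
role unconfined_r types MyPoliceA_t;
role user_r types MyPoliceB_t;

# Same executable type, different target domain depending on the caller:
#   unconfined_t + MyPolice_exec_t -> MyPoliceA_t
#   user_t       + MyPolice_exec_t -> MyPoliceB_t
domtrans_pattern(unconfined_t, MyPolice_exec_t, MyPoliceA_t)
domtrans_pattern(user_t, MyPolice_exec_t, MyPoliceB_t)
```

After loading the module and relabelling the wrapper, `ps -eZ` shows which domain each Java process ended up in.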