Tomcat selinux
Miroslav Grepl
mgrepl at redhat.com
Thu Feb 9 11:27:07 UTC 2012
On 02/09/2012 02:52 AM, Nabeel Moidu wrote:
> Hi
>
> Is there a tomcat implementation of selinux where the process runs in
> its own domain rather than unconfined_java_t ?
>
> Are there any known issues with implementing java servers in a
> confined domain ?
>
> If not tomcat, can somebody point me to any other java server
> (jetty/websphere etc) with a selinux implementation ?
>
> --
> Thanks and Regards,

What OS?

tomcat should be running as initrc_t on RHEL6. We probably need this
also in Fedora. Basically this new domain would end up as an unconfined
domain, but you can start with writing policy using sepolgen tools.

    $ sepolgen -t 0 /usr/bin/tomcat
    $ sh tomcat.sh

You probably will need to add

    java_domtrans(tomcat_t)

to the tomcat.te policy file. Let me look at it also.

>
> Nabeel Moidu
> Hyderabad, India
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux