Java patch from Dan Walsh.
Additional java context unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled We want unconfined java apps to transition to rpm when they execute rpm_exec_t. To maintain proper labeling.
This commit is contained in:
parent
299db7080c
commit
84940a0995
@ -32,3 +32,7 @@
|
|||||||
/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
|
/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||||
|
|
||||||
/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
|
/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||||
|
|
||||||
|
ifdef(`distro_redhat',`
|
||||||
|
/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||||
|
')
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(java, 2.2.1)
|
policy_module(java, 2.2.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -147,6 +147,14 @@ optional_policy(`
|
|||||||
|
|
||||||
init_dbus_chat_script(unconfined_java_t)
|
init_dbus_chat_script(unconfined_java_t)
|
||||||
|
|
||||||
|
files_execmod_all_files(unconfined_java_t)
|
||||||
|
|
||||||
|
init_dbus_chat_script(unconfined_java_t)
|
||||||
|
|
||||||
unconfined_domain_noaudit(unconfined_java_t)
|
unconfined_domain_noaudit(unconfined_java_t)
|
||||||
unconfined_dbus_chat(unconfined_java_t)
|
unconfined_dbus_chat(unconfined_java_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
rpm_domtrans(unconfined_java_t)
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
Loading…
Reference in New Issue
Block a user