Java patch from Dan Walsh.

Additional java context

unconfined_Java apps needs to execmod any file since we do not know where the jave content will be labeled

We want unconfined java apps to transition to rpm when they execute rpm_exec_t.  To maintain proper labeling.
This commit is contained in:
Chris PeBenito 2010-05-14 10:40:59 -04:00
parent 299db7080c
commit 84940a0995
2 changed files with 13 additions and 1 deletions

View File

@ -32,3 +32,7 @@
/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) /usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0) /usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
ifdef(`distro_redhat',`
/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
')

View File

@ -1,5 +1,5 @@
policy_module(java, 2.2.1) policy_module(java, 2.2.2)
######################################## ########################################
# #
@ -147,6 +147,14 @@ optional_policy(`
init_dbus_chat_script(unconfined_java_t) init_dbus_chat_script(unconfined_java_t)
files_execmod_all_files(unconfined_java_t)
init_dbus_chat_script(unconfined_java_t)
unconfined_domain_noaudit(unconfined_java_t) unconfined_domain_noaudit(unconfined_java_t)
unconfined_dbus_chat(unconfined_java_t) unconfined_dbus_chat(unconfined_java_t)
optional_policy(`
rpm_domtrans(unconfined_java_t)
')
') ')