On 02/09/2012 02:52 AM, Nabeel Moidu wrote:
> Hi
> Is there a tomcat implementation of selinux where the process runs in its own domain rather than unconfined_java_t?
> Are there any known issues with implementing java servers in a confined domain?
> If not tomcat, can somebody point me to any other java server (jetty/websphere etc.) with a selinux implementation?
> -- Thanks and Regards,
What OS?
tomcat should be running as initrc_t on RHEL6. We probably need this also in Fedora. Basically this new domain would end up as an unconfined domain, but you can start with writing policy using sepolgen tools.
$ sepolgen -t 0 /usr/bin/tomcat
$ sh tomcat.sh
You probably will need to add
java_domtrans(tomcat_t)
to the tomcat.te policy file. Let me look at it also.
Nabeel Moidu Hyderabad, India
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
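
A sketch of the tomcat.te the reply describes, with the java_domtrans(tomcat_t) line in place. This is an added example, not part of the original message and not verbatim sepolgen output. The module version, the permissive statement, the optional_policy wrapper and the interface calls other than java_domtrans are assumptions about what an init-daemon template of this kind contains.

```te
# tomcat.te: constructed example of an init-daemon policy module for Tomcat.
policy_module(tomcat, 1.0.0)

########################################
#
# Declarations
#

# Process domain and the type placed on the /usr/bin/tomcat entry point.
type tomcat_t;
type tomcat_exec_t;

# Transition init scripts (initrc_t) into tomcat_t when they execute a
# tomcat_exec_t file, so the daemon stops running as initrc_t.
init_daemon_domain(tomcat_t, tomcat_exec_t)

# Assumption: keep the new domain permissive while the rule set is built.
# Denials are logged but not enforced. Remove this line before the domain
# is expected to confine anything.
permissive tomcat_t;

########################################
#
# tomcat local policy
#

# Minimal access most daemons need (assumed template content).
allow tomcat_t self:fifo_file rw_fifo_file_perms;
allow tomcat_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(tomcat_t)
files_read_etc_files(tomcat_t)
miscfiles_read_localization(tomcat_t)

# The line from the reply: let tomcat_t execute the Java launcher through
# the java module's domain transition interface. Wrapping it in
# optional_policy (an assumption, not in the reply) keeps the module
# loadable on systems where the java policy module is absent.
optional_policy(`
	java_domtrans(tomcat_t)
')
```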