On Thu, Feb 9, 2012 at 4:57 PM, Miroslav Grepl <mgrepl@redhat.com> wrote:
On 02/09/2012 02:52 AM, Nabeel Moidu wrote:
Hi,
Is there a Tomcat implementation of SELinux where the process
runs in its own domain rather than unconfined_java_t?
Are there any known issues with implementing Java servers in
a confined domain?
If not Tomcat, can somebody point me to any other Java server
(Jetty/WebSphere etc.) with an SELinux implementation?
--
Thanks and Regards,
What OS?
Tomcat should be running as initrc_t on RHEL6. We probably need this
also in Fedora. Basically this new domain would end up as an unconfined
domain, but you can start with writing policy using the sepolgen tools.
$ sepolgen -t 0 /usr/bin/tomcat
$ sh tomcat.sh
You probably will need to add
java_domtrans(tomcat_t)
to the tomcat.te policy file. Let me look at it also.
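
Added example, not part of the original message: after the generated module is loaded and Tomcat restarted, the check below reads `ps -eZ` style output and reports whether each `java` process ended up in `tomcat_t` or is still in a domain such as `initrc_t` or `unconfined_java_t`. The function name `domain_report` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify which SELinux domain a process runs in.
# Live use (assumes Tomcat shows up in ps as "java"):
#   ps -eZ | domain_report java tomcat_t

# domain_report CMD EXPECTED_TYPE   (reads `ps -eZ` style lines on stdin)
# Prints "PID TYPE STATUS" for every process whose command name is CMD.
# Exit status is 0 only if at least one process matched and every match
# runs in EXPECTED_TYPE.
domain_report() {
    awk -v cmd="$1" -v want="$2" '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        $NF == cmd {
            # LABEL is user:role:type:level; the level may contain ":"
            # itself (s0-s0:c0.c1023), so take field 3, not the last one.
            split($1, ctx, ":")
            dom = ctx[3]
            if (dom != want) bad++
            seen++
            print $2, dom, (dom == want ? "ok" : "unexpected")
        }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }
    '
}

# Constructed sample: before the policy module is installed.
SAMPLE_BEFORE='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:initrc_t:s0    2417 ?        00:00:42 java
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 3050 pts/0 00:00:03 java'

# Constructed sample: after the module is loaded and Tomcat restarted.
SAMPLE_AFTER='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:tomcat_t:s0    2417 ?        00:00:42 java'

printf '%s\n' "$SAMPLE_BEFORE" | domain_report java tomcat_t \
    || echo "before: java is not confined to tomcat_t"
printf '%s\n' "$SAMPLE_AFTER" | domain_report java tomcat_t \
    && echo "after: java runs in tomcat_t"
```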