2017-04-13 23:24:23

by guido

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/10] java: enable interactive use

This patch is required for java to print messages to
the user terminals (interactive java applications use).

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/java.te | 7 +++++++
1 file changed, 7 insertions(+)

--- refpolicy-2.20170204-orig/policy/modules/contrib/java.te 2017-02-04 19:30:39.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/java.te 2017-04-09 16:24:20.039657686 +0200
@@ -132,6 +132,13 @@ tunable_policy(`allow_java_execstack',`

auth_use_nsswitch(java_t)

+corecmd_read_bin_symlinks(java_t)
+
+locallogin_use_fds(java_t)
+
+userdom_read_user_tmp_files(java_t)
+userdom_use_user_ttys(java_t)
+
optional_policy(`
xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
')


2017-04-14 09:32:58

by Christian Göttsche

[permalink] [raw]
Subject: [refpolicy] [PATCH 1/10] java: enable interactive use

2017-04-14 1:24 GMT+02:00 Guido Trentalancia via refpolicy
<[email protected]>:
> This patch is required for java to print messages to
> the user terminals (interactive java applications use).
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/java.te | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --- refpolicy-2.20170204-orig/policy/modules/contrib/java.te 2017-02-04 19:30:39.000000000 +0100
> +++ refpolicy-2.20170204/policy/modules/contrib/java.te 2017-04-09 16:24:20.039657686 +0200
> @@ -132,6 +132,13 @@ tunable_policy(`allow_java_execstack',`
>
> auth_use_nsswitch(java_t)
>
> +corecmd_read_bin_symlinks(java_t)

corecmd_read_bin_symlinks() has been deprecated by corecmd_search_bin()

> +
> +locallogin_use_fds(java_t)
> +
> +userdom_read_user_tmp_files(java_t)
> +userdom_use_user_ttys(java_t)

maybe use userdom_use_inherited_user_terminals()?

> +
> optional_policy(`
> xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
> ')
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

2017-04-14 10:04:54

by guido

[permalink] [raw]
Subject: [refpolicy] [PATCH v2 1/10] java: enable interactive use

This patch is required for java to print messages to
the user terminals (interactive java applications use).

Thanks to Christian G?ttsche for pointing out an
obsolete corecommands interface.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/java.te | 7 +++++++
1 file changed, 7 insertions(+)

--- refpolicy-2.20170204-orig/policy/modules/contrib/java.te 2017-02-04 19:30:39.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/java.te 2017-04-09 16:24:20.039657686 +0200
@@ -132,6 +132,13 @@ tunable_policy(`allow_java_execstack',`

auth_use_nsswitch(java_t)

+corecmd_search_bin(java_t)
+
+locallogin_use_fds(java_t)
+
+userdom_read_user_tmp_files(java_t)
+userdom_use_user_ttys(java_t)
+
optional_policy(`
xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
')