From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 21 Jun 2017 18:17:15 -0400 Subject: [refpolicy] [PATCH] java: let javaws execute binaries and the shell In-Reply-To: <1497985828.4769.19.camel@trentalancia.com> References: <1497985828.4769.19.camel@trentalancia.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/20/2017 03:10 PM, Guido Trentalancia via refpolicy wrote: > Let Java Web Start (domain java_t) execute generic binaries > and the shell. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/java.te | 3 +++ > 1 file changed, 3 insertions(+) > > --- a/policy/modules/contrib/java.te 2017-05-23 21:34:17.369592081 +0200 > +++ b/policy/modules/contrib/java.te 2017-06-20 21:07:46.988046583 +0200 > @@ -133,6 +133,9 @@ tunable_policy(`allow_java_execstack',` > auth_use_nsswitch(java_t) > > corecmd_search_bin(java_t) > +# Java Web Start (javaws) executes generic binaries and the shell > +corecmd_exec_bin(java_t) > +corecmd_exec_shell(java_t) I'm reluctant to add this. java_t is a generic domain; it is not the javaws domain. -- Chris PeBenito