From: guido@trentalancia.com (Guido Trentalancia) Date: Thu, 22 Jun 2017 02:43:48 +0200 Subject: [refpolicy] [PATCH] java: let javaws execute binaries and the shell In-Reply-To: References: <1497985828.4769.19.camel@trentalancia.com> Message-ID: <1498092228.4558.1.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The generic domain at the moment is "java_domain". Without this permission, the Java Web Start does not work. I did rush to submit it for the new release... But, it is up to you at this point. Regards, Guido On Wed, 21/06/2017 at 18.17 -0400, Chris PeBenito wrote > On 06/20/2017 03:10 PM, Guido Trentalancia via refpolicy wrote: > > Let Java Web Start (domain java_t) execute generic binaries > > and the shell. > > > > Signed-off-by: Guido Trentalancia > > --- > > policy/modules/contrib/java.te | 3 +++ > > 1 file changed, 3 insertions(+) > > > > --- a/policy/modules/contrib/java.te 2017-05-23 > > 21:34:17.369592081 +0200 > > +++ b/policy/modules/contrib/java.te 2017-06-20 > > 21:07:46.988046583 +0200 > > @@ -133,6 +133,9 @@ tunable_policy(`allow_java_execstack',` > > auth_use_nsswitch(java_t) > > > > corecmd_search_bin(java_t) > > +# Java Web Start (javaws) executes generic binaries and the shell > > +corecmd_exec_bin(java_t) > > +corecmd_exec_shell(java_t) > > I'm reluctant to add this. java_t is a generic domain; it is not > the > javaws domain. >