From: guido@trentalancia.com (Guido Trentalancia)
Date: Thu, 22 Jun 2017 02:43:48 +0200
Subject: [refpolicy] [PATCH] java: let javaws execute binaries and the
 shell
In-Reply-To: <f380bda3-0c45-3a2e-2985-b770a7df7142@ieee.org>
References: <1497985828.4769.19.camel@trentalancia.com>
	<f380bda3-0c45-3a2e-2985-b770a7df7142@ieee.org>
Message-ID: <1498092228.4558.1.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The generic domain at the moment is "java_domain".

Without this permission, the Java Web Start does not work.

I did rush to submit it for the new release... But, it is up to you at
this point.

Regards,

Guido

On Wed, 21/06/2017 at 18.17 -0400, Chris PeBenito wrote
> On 06/20/2017 03:10 PM, Guido Trentalancia via refpolicy wrote:
> > Let Java Web Start (domain java_t) execute generic binaries
> > and the shell.
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > ---
> >  policy/modules/contrib/java.te |    3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > --- a/policy/modules/contrib/java.te	2017-05-23
> > 21:34:17.369592081 +0200
> > +++ b/policy/modules/contrib/java.te	2017-06-20
> > 21:07:46.988046583 +0200
> > @@ -133,6 +133,9 @@ tunable_policy(`allow_java_execstack',`
> >  auth_use_nsswitch(java_t)
> > 
> >  corecmd_search_bin(java_t)
> > +# Java Web Start (javaws) executes generic binaries and the shell
> > +corecmd_exec_bin(java_t)
> > +corecmd_exec_shell(java_t)
> 
> I'm reluctant to add this.  java_t is a generic domain; it is not
> the 
> javaws domain.
>