[refpolicy] [PATCH] java: let javaws execute binaries and the shell

Chris PeBenito pebenito at ieee.org
Wed Jun 21 22:17:15 UTC 2017


On 06/20/2017 03:10 PM, Guido Trentalancia via refpolicy wrote:
> Let Java Web Start (domain java_t) execute generic binaries
> and the shell.
>
> Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
> ---
>  policy/modules/contrib/java.te |    3 +++
>  1 file changed, 3 insertions(+)
>
> --- a/policy/modules/contrib/java.te	2017-05-23 21:34:17.369592081 +0200
> +++ b/policy/modules/contrib/java.te	2017-06-20 21:07:46.988046583 +0200
> @@ -133,6 +133,9 @@ tunable_policy(`allow_java_execstack',`
>  auth_use_nsswitch(java_t)
>
>  corecmd_search_bin(java_t)
> +# Java Web Start (javaws) executes generic binaries and the shell
> +corecmd_exec_bin(java_t)
> +corecmd_exec_shell(java_t)

I'm reluctant to add this.  java_t is a generic domain; it is not the 
javaws domain.

-- 
Chris PeBenito


More information about the refpolicy mailing list