From: antoine <antoine@nagafix.co.uk>
To: SELinux <selinux@tycho.nsa.gov>
Subject: Java & SELinux? JNI?
Date: Tue, 14 Jun 2005 18:38:27 +0100
Message-ID: <1118770707.10262.58.camel@localhost>

Has anyone written a default policy for Java 1.5?

I've just made one for Java + Tomcat 5.5 and discovered a few things
along the way: Java 1.5 needs write access to /dev/random! (even when
just running or compiling things - there is a bug id for this @sun), it
also tests to see if it can execute files in /tmp/!, etc.

Also, has anyone looked at providing a JNI interface to libselinux?

I could find a few uses for this where the same Java instance may be
used by different contexts and would need to rely on lower-level code to
enforce file access (and provide another layer of protection against file
path trickery). It would need some fairly tight integration between the
domains and the Java code but it could be quite useful. An example of
this would be webapps in Tomcat, but this could also be applied to
application contexts within the same webapp too.

Antoine