* Java & SELinux? JNI?
@ 2005-06-14 17:38 antoine
0 siblings, 0 replies; only message in thread
From: antoine @ 2005-06-14 17:38 UTC (permalink / raw)
To: SELinux
Has anyone written a default policy for Java 1.5?
I've just made one for Java + Tomcat 5.5 and discovered a few things
along the way: Java1.5 needs write access to /dev/random! (even when
just running or compiling things - there is a bug id for this @sun), it
also tests to see if it can execute files in /tmp/!, etc
Also, has anyone looked at providing a JNI interface to libselinux?
I could find a few uses for this where the same java instance may be
used by different contexts and would need to rely on lower level code to
enforce file access (and provide another layer of protection for file
paths trickery). It would need some fairly tight integration between the
domains and the Java code but it could be quite useful. An example of
this would be webapps in tomcat, but this could also be applied to
application contexts within the same webapp too.
Antoine
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-06-14 17:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-14 17:38 Java & SELinux? JNI? antoine
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.