On Apr 3, 2017 21:35, "Rahmadi Trimananda" <[email protected]> wrote:
Umm, how's the easiest way to permit that one? Do I need to create a local policy or can I just use a command line? Sorry I am really a newbie. :) That would be a command, but the logs you provided should be enough. I am using javac 1.8.0_65. It is the same version for the "java" program. java version "1.8.0_65" Java(TM) SE Runtime Environment (build 1.8.0_65-b17) Java HotSpot(TM) Client VM (build 25.65-b01, mixed mode) On Mon, Apr 3, 2017 at 7:52 PM, Russell Coker <[email protected]> wrote: > On Tue, 4 Apr 2017 12:35:47 PM Rahmadi Trimananda wrote: > > I have more error messages from /var/log/audit/audit.log if this is of > any > > use for you. And yeah, it works in permissive mode (sudo setenforce 0). > > BTW, what do you mean by "run javac in strace"? > > > > iotuser@raspberrypi:~/policy $ sudo cat /var/log/audit/audit.log | grep > > javac > > type=AVC msg=audit(1491260813.624:793): avc: denied { mmap_zero } for > > pid=1656 comm="javac" > > scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > tclass=memprotect permissive=0 > > Try permitting that one and see if it changes things. What version of > javac > are you using? Is it an old version? > > Also when posting such things to the list please include the output of > auditallow as well as the raw AVC messages whenever you send more than 2-3 > entries. When your MUA wraps the lines the result isn't accepted by > audit2allow and that makes it less convenient for us to process your > messages > (usually audit2allow output is more useful than reading raw AVC log > entries). > > If there is only a single AVC message then we can all run audit2allow in > our > heads. ;) > > -- > My Main Blog http://etbe.coker.com.au/ > My Documents Blog http://doc.coker.com.au/ > -- Kind regards, Rahmadi Trimananda Ph.D. student @ University of California, Irvine "Stay hungry, stay foolish!" - Steve Jobs - _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
_______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
