What is the safe way to allow Java 7 to run on SELinux

Short version: What is the most secure way to allow Java 7 to run on (with?) SELinux?

Long version:

Sorry in advance if I use incorrect terminology. I'm really just a Java developer with a meager smattering of Linux skills.

I just installed Java 7 on CentOS release 5.3 (Final) that is apparently has Security Enhanced Linux. After the install was complete (which I "installed" by unzipping the tar.gz file from Oracle in /usr/java/jdk/jdk1.7.0_25), I ran java -version and got this error:

Error: dl failure on line 864 Error: failed /usr/java/jdk1.7.0_25/jre/lib/i386/server/libjvm.so,       because /usr/java/jdk1.7.0_25/jre/lib/i386/server/libjvm.so:       cannot restore segment prot after reloc: Permission denied` 

I found a few articles stating this can be due to SELinux and to try setenforce 0 and see if the problem goes away. I ran that command and Java worked. But these same articles say that leaving setenforce 0 on an Internet connected host is dangerous, and my host is connected to the Internet.

There are other articles that suggest this next approach, but also say it can be dangerous, so I haven't tried it yet.

chcon -t textrel_shlib_t /usr/jre1.7.0_10/lib/i386/client/libjvm.so 

...in the above command the path at the end of the command is replaced with the path of my JDK.

What I can't find is something "official" (which can mean many things) on how to run Java 7 on (with?) SELinux safely. Does anyone have any information for me?

Edit: I discovered an article that referred to editing /etc/selinux/config. I have set as shown in the sample below. This allows Java to run but I assume I now have some security holes.

# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: #       enforcing - SELinux security policy is enforced. #       permissive - SELinux prints warnings instead of enforcing. #       disabled - SELinux is fully disabled. SELINUX=permissive # SELINUXTYPE= type of policy in use. Possible values are: #       targeted - Only targeted network daemons are protected. #       strict - Full SELinux protection. SELINUXTYPE=targeted 

Replay

  1. Clean up the current installation
  2. Download the RPM file (http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html)
    yum -y localinstall /path/to/downloaded-java.rpm
    
    

rest will be taken care.

Category: linux Time: 2013-08-02 Views: 1

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.138 (s). 12 q(s)