VisibleThread -
Help Center Find helpful articles on different VisibleThread Products


How to confine Java process

sudo yum install -y rpm-build policycoreutils-devel


  1. List unconfined java service
    ps -eZ | grep unconfined_service_t

2. Generate a default policy for because this is the script run from the systemd unit file visiblethread-docs.service.Note-n [policy name]
sepolicy generate --init -n vtdocs /opt/visiblethread/tomcat/bin/

3. The above command creates a script for your policy, so in this example it will Run it or if you want to add additional policies edit thevtdocs.tefile then run

4. Now the policy is installed, restart the service and run the grep again and you should get no results for java.
sudo systemctl restart visiblethread-docs
ps -eZ | grep unconfined_service_t

If you have any issues or questions, feel free to contact 

Was this article helpful?
0 out of 0 found this helpful

Get Additional Help

Visit our Helpdesk for additional help and support.