How to confine Java process

Prerequisites:
sudo yum install -y rpm-build policycoreutils-devel

1. List the unconfined Java service:
ps -eZ | grep unconfined_service_t

2. Generate a default policy for catalina.sh, because this is the script run from the systemd unit file visiblethread-docs.service. Note: -n [policy name]
sepolicy generate --init -n vtdocs /opt/visiblethread/tomcat/bin/catalina.sh

3. The above command creates a script for your policy, so in this example it will be vtdocs.sh. Run it, or if you want to add additional policies, edit the vtdocs.te file and then run vtdocs.sh.
./vtdocs.sh

4. Now that the policy is installed, restart the service and run the grep again. You should get no results for java.
sudo systemctl restart visiblethread-docs
ps -eZ | grep unconfined_service_t
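
The check in steps 1 and 4, written as a script that reports which SELinux type each java process runs in and whether the generated policy source still marks the domain permissive (policies from sepolicy generate normally start with a permissive line). This is an added example, not VisibleThread's own code. The function names, the sample ps output and the domain name vtdocs_t are assumptions based on the -n vtdocs policy name.

```shell
#!/bin/sh
# Added example (not VisibleThread code): verify the result of steps 1-4.

# Read `ps -eZ` output on stdin and print "PID TYPE" for each java process.
# Columns are LABEL PID TTY TIME CMD; LABEL is user:role:type:level.
java_domains() {
    awk '$NF == "java" { split($1, ctx, ":"); print $2, ctx[3] }'
}

# Succeed only if no java process on stdin runs as unconfined_service_t.
# Also succeeds when no java process is listed at all (service stopped).
java_is_confined() {
    ! java_domains | grep -q ' unconfined_service_t$'
}

# Succeed if policy source $1 declares domain $2 permissive, meaning
# denials are logged but not enforced. Commented-out lines do not match.
te_is_permissive() {
    grep -Eq "^[[:space:]]*permissive[[:space:]]+${2}[[:space:]]*;" "$1"
}

# Constructed sample output, not captured from a real host.
# vtdocs_t is the assumed domain name for a policy generated with -n vtdocs.
BEFORE='LABEL                                      PID TTY      TIME CMD
system_u:system_r:init_t:s0                  1 ?    00:00:03 systemd
system_u:system_r:unconfined_service_t:s0 2417 ?    00:01:12 java'
AFTER='LABEL                                      PID TTY      TIME CMD
system_u:system_r:init_t:s0                  1 ?    00:00:03 systemd
system_u:system_r:vtdocs_t:s0             3102 ?    00:00:41 java'

for sample in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$sample" | java_is_confined; then
        echo "confined:   $(printf '%s\n' "$sample" | java_domains)"
    else
        echo "unconfined: $(printf '%s\n' "$sample" | java_domains)"
    fi
done
```

On a live host, run `ps -eZ | java_domains` and `te_is_permissive vtdocs.te vtdocs_t`. If the second check succeeds, the domain is still permissive, so AVC denials are logged rather than blocked.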

If you have any issues or questions, feel free to contact support@visiblethread.com 
