Q:java based application

[freedom1b2830]

Good day. There is a question about how to implement this:

The program is based on java code, running under elf64 binary file ide_exec_t
bin_t->ide_exec_t(+java_t) ->ide_t
How to grant permissions from java_t domain so that child processes don't have execstack permission

Related question about java_t, its execstack permission, what to do with it. This permission is related to libjvm.so when running java_exec_t

[pebenito]

java_t does not have execstack by default, you have to enable the allow_java_execstack boolean.

Related question about java_t, its execstack permission, what to do with it. This permission is related to libjvm.so when running java_exec_t

I don't understand the question.

[freedom1b2830]

I rethought my question.

1)how to define ide_t domain as java application
user_t->ide_exec_t->ide_t (java template)

2. about execstack:
   with java running, need execstack call by libjvm.so
   you can't help here, it's a java problem (

[pebenito]

it sounds like you should add allow ide_t self:process execstack;

[freedom1b2830]

How to declare domain for java application?

[pebenito]

There is no special way to declare a domain for java.