Bug 241771

Summary: tomcat fails to use old session data
Product: [Fedora] Fedora
Reporter: Steve Friedman <steve>
Component: tomcat5
Assignee: Vivek Lakshmanan <viveklak>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: 6
CC: lkundrak
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-05-06 19:38:29 UTC
Attachments: directory listing

Description Steve Friedman 2007-05-30 14:44:05 UTC
Description of problem:
I had a pair of servlets that were correctly operating prior to the recent
tomcat upgrade (installed by yum on 22May) that no longer start.  I am now
getting the following errors in catalina.out (note that there were no matching
errors in either /var/log/messages or /var/log/audit/audit.log):

SEVERE: IOException while saving persisted sessions:
java.io.FileNotFoundException:
/usr/share/tomcat5/work/Catalina/localhost/pmei/SESSIONS.ser (permission denied)

SEVERE: Exception unloading sessions to persistent storage
(same FNFE as above)

(see attached log for further details)
(one other oddity is the line:
  ow: ow-ha.cfg -> /usr/share/tomcat5/ow-ha.cfg
because, in the previous version of tomcat it was:
  ow: ow-ha.cfg -> /root/ow-ha.cfg)

I marked this bug confidential as I am providing my unedited log file and I
don't feel like going through the co-ordination process necessary to
make this log file available to the public.

Finally, I don't know what the labelling on the directories was prior to the
upgrade, but I am also attaching those listings in a follow-up.

Version-Release number of selected component (if applicable):
tomcat5-5.5.23-0jpp.2.fc6

How reproducible:
Every time.

Steps to Reproduce:
1. /etc/init.d/tomcat5 restart
Actual results:
See attached log file

Expected results:
Servlets start as expected.

Additional info:

Comment 1 Steve Friedman 2007-05-30 14:44:05 UTC
Created attachment 155692: log file

Comment 2 Steve Friedman 2007-05-30 14:46:30 UTC
Created attachment 155693: directory listing

Proof that the directories / files exist.  Again, note that selinux didn't log
anything.

Comment 3 Steve Friedman 2007-05-30 15:22:08 UTC
Reverting to tomcat5-5.5.17-6jpp.2 resolved the file / session problems.

Comment 4 Steve Friedman 2007-05-30 19:30:56 UTC
You can ignore the comment regarding the ow-ha.cfg oddity.  This was caused
because one servlet that I have opens a port below 1024 and I was getting a
permission error unless TOMCAT_USER was root.  The update moved my tomcat5.conf
to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
that problem.

Comment 5 Vivek Lakshmanan 2007-05-31 19:03:08 UTC
(In reply to comment #4)
> You can ignore the comment regarding the ow-ha.cfg oddity.  This was caused
> because one servlet that I have opens a port below 1024 and I was getting a
> permission error unless TOMCAT_USER was root.  The update moved my tomcat5.conf
> to tomcat5.conf.rpmsave and thus TOMCAT_USER was "tomcat" again and thus created
> that problem.

Did you try running 5.5.23 with TOMCAT_USER set to root as well? From your
comments, it doesn't seem like it... The files are clearly owned by root and
5.5.23 (as most previous releases of tomcat on Fedora) is run as tomcat by
default...
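
An added example, not part of the original bug report: a Python check for the ownership mismatch comment 5 points to, walking the path to SESSIONS.ser and reporting the first directory or file whose mode bits deny a given uid. The function names, the temporary tree and the stand-in uids (current user as file owner, uid+1 as the account tomcat runs as) are constructed for illustration; only classic mode bits are modelled, so ACLs or an SELinux denial would not show up here.

```python
import os
import tempfile

def _allows(st, uid, gids, mask):
    """Classic mode-bit check; mask uses 4=read, 2=write, 1=search/execute."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & mask) == mask

def first_denied(path, uid, gids=(), base=os.sep):
    """Return (component, reason) for the first check at or below `base` that
    stops `uid` from writing `path` (which must lie under `base`), else None.
    ACLs, capabilities and SELinux are not modelled; uid 0 bypasses mode bits."""
    if uid == 0:
        return None
    base, path = os.path.abspath(base), os.path.abspath(path)
    dirs = [base]
    for name in os.path.relpath(os.path.dirname(path), base).split(os.sep):
        if name != os.curdir:
            dirs.append(os.path.join(dirs[-1], name))
    for d in dirs:
        if not _allows(os.stat(d), uid, gids, 1):
            return (d, "no search (x) permission on directory")
    if os.path.exists(path):
        if not _allows(os.stat(path), uid, gids, 2):
            return (path, "no write permission on existing file")
    elif not _allows(os.stat(dirs[-1]), uid, gids, 3):
        return (dirs[-1], "cannot create file: directory not writable")
    return None

def demo():
    """Constructed tree mirroring the reported path; uid+1 stands in for tomcat."""
    base = tempfile.mkdtemp()
    app = os.path.join(base, "work", "Catalina", "localhost", "pmei")
    os.makedirs(app)
    ser = os.path.join(app, "SESSIONS.ser")
    open(ser, "w").close()
    os.chmod(ser, 0o644)  # owner-writable only, like a root-owned session file
    for root, _, _ in os.walk(base):
        os.chmod(root, 0o755)
    def check(uid):
        hit = first_denied(ser, uid, base=base)
        return hit and (os.path.relpath(hit[0], base), hit[1])
    owner, other = os.getuid(), os.getuid() + 1
    results = {"owner": check(owner), "other": check(other)}
    os.chmod(app, 0o700)  # now the directory itself blocks the other uid
    results["other_locked_dir"] = check(other)
    return results

if __name__ == "__main__":
    print(demo())
```
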


Comment 6 Steve Friedman 2007-06-01 15:32:19 UTC
Actually, I reverted in comment 3 (which caused the session problem to resolve)
even though TOMCAT_USER=tomcat; then, realizing that I wasn't able to bind to
port 53/udp, modified TOMCAT_USER, and later remembered to post comment 4.  But,
today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.
I'm busy with other things today, but hopefully next week I'll get around to
doing what I know I should have done all along (namely use iptables to redirect
port 53/udp to a high numbered port and run tomcat as an unprivileged user) and
report back.

Comment 7 Lubomir Kundrak 2008-04-08 12:59:43 UTC
(In reply to comment #6)
> But,
> today I reinstalled 5.5.23 and (even though TOMCAT_USER="root"), it didn't work.

Sounds like SELinux might be disallowing those accesses. Have you had any AVC
denials?

Comment 8 Bug Zapper 2008-05-06 19:38:28 UTC
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora, please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.