*Tomcat* can now be started using *tomcat-jsvc* with *SELinux* in enforcing mode
In Red Hat Enterprise Linux 7.4, the `tomcat_t` unconfined domain was not correctly defined in the *SELinux* policy. Consequently, the *Tomcat* server cannot be started by the *tomcat-jsvc* service with *SELinux* in enforcing mode. This update allows the `tomcat_t` domain to use the `dac_override`, `setuid`, and `kill` capability rules. As a result, *Tomcat* is now able to start through *tomcat-jsvc* with *SELinux* in enforcing mode.