Bug 1485308 - [regression] tomcat fails to start via tomcat-jsvc service startup due to selinux denials [rhel-7.4.z]
Summary: [regression] tomcat fails to start via tomcat-jsvc service startup due to sel...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.4
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
Ioanna Gkioka
URL:
Whiteboard:
Depends On: 1470735
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-25 11:05 UTC by Oneata Mircea Teodor
Modified: 2018-03-12 11:53 UTC (History)
16 users (show)

Fixed In Version: selinux-policy-3.13.1-166.el7_4.4
Doc Type: Bug Fix
Doc Text:
In Red Hat Enterprise Linux 7.4, the Tomcat server was not running unconfined, and SELinux security policy was enforced by SELinux. As a consequence, Tomcat failed to start through the tomcat-jsvc service due to SELinux. This update allows the tomcat_t SELinux domain to use the dac_override, setuid, kill capability rules. As a result, Tomcat starts correctly through tomcat-jsvc with SELinux in enforcing mode.
Clone Of: 1470735
Environment:
Last Closed: 2017-09-05 11:26:11 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2579 0 normal SHIPPED_LIVE selinux-policy bug fix update 2017-09-05 15:18:28 UTC

Description Oneata Mircea Teodor 2017-08-25 11:05:30 UTC 
This bug has been copied from bug #1470735 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 5 errata-xmlrpc 2017-09-05 11:26:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2579
Note You need to log in before you can comment on or make changes to this bug.