
Bug 726031

Summary: tomcat6 can not run successfully under mls policy
Product: Red Hat Enterprise Linux 6
Reporter: benedictziv
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.0
CC: dwalsh, mmalik, syeghiay
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-107.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-10-21 13:50:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description benedictziv 2011-07-27 11:19:35 UTC
Description of problem:

When I start tomcat6 with the command "service tomcat6 start" or "run_init service tomcat6 start", tomcat6 runs under the context "system_u:system_r:unconfined_java_t" and the web applications can't run successfully.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install tomcat
2. Deploy a JSP web application
3. Use run_init to start tomcat and visit it
  
Actual results:

Can't visit the web page in enforcing mode.

Expected results:


Additional info:

type=AVC msg=audit(1311756591.677:26951): avc:  denied  { search } for  pid=3802 comm="java" name="lib" dev=dm-0 ino=261122 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1311756591.677:26951): avc:  denied  { read } for  pid=3802 comm="java" name="webapps" dev=dm-0 ino=667388 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1311756591.677:26951): avc:  denied  { open } for  pid=3802 comm="java" name="webapps" dev=dm-0 ino=667388 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1311756591.677:26953): avc:  denied  { search } for  pid=3802 comm="java" name="www" dev=dm-0 ino=268005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756591.677:26953): avc:  denied  { getattr } for  pid=3802 comm="java" path="/var/www/html/jsp3/WEB-INF/lib/FCKeditor-2.3.jar" dev=dm-0 ino=300602 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1311756591.678:26954): avc:  denied  { read } for  pid=3802 comm="java" name="FCKeditor-2.3.jar" dev=dm-0 ino=300602 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1311756591.678:26955): avc:  denied  { getattr } for  pid=3802 comm="java" path="/var/www" dev=dm-0 ino=268005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756591.679:26956): avc:  denied  { read } for  pid=3802 comm="java" name="lib" dev=dm-0 ino=302718 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756591.679:26957): avc:  denied  { open } for  pid=3802 comm="java" name="lib" dev=dm-0 ino=302718 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756591.611:26958): avc:  denied  { rlimitinh } for  pid=4033 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s15:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756591.611:26958): avc:  denied  { siginh } for  pid=4033 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s15:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756591.611:26958): avc:  denied  { noatsecure } for  pid=4033 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s15:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756625.198:26961): avc:  denied  { rlimitinh } for  pid=4104 comm="run_init" scontext=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756625.198:26961): avc:  denied  { siginh } for  pid=4104 comm="run_init" scontext=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756625.198:26961): avc:  denied  { noatsecure } for  pid=4104 comm="run_init" scontext=root:sysadm_r:sysadm_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756625.614:26962): avc:  denied  { search } for  pid=4104 comm="run_init" name="dbus" dev=dm-0 ino=264528 scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1311756625.614:26962): avc:  denied  { write } for  pid=4104 comm="run_init" name="system_bus_socket" dev=dm-0 ino=299577 scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1311756625.614:26962): avc:  denied  { connectto } for  pid=4104 comm="run_init" path="/var/run/dbus/system_bus_socket" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1311756626.392:26966): avc:  denied  { rlimitinh } for  pid=4107 comm="unix_chkpwd" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756626.392:26966): avc:  denied  { siginh } for  pid=4107 comm="unix_chkpwd" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756626.392:26966): avc:  denied  { noatsecure } for  pid=4107 comm="unix_chkpwd" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=root:sysadm_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756628.633:26969): avc:  denied  { rlimitinh } for  pid=4104 comm="open_init_pty" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756628.633:26969): avc:  denied  { siginh } for  pid=4104 comm="open_init_pty" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756628.633:26969): avc:  denied  { noatsecure } for  pid=4104 comm="open_init_pty" scontext=root:sysadm_r:run_init_t:s0-s15:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756629.370:26972): avc:  denied  { rlimitinh } for  pid=4142 comm="hostname" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:hostname_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756629.370:26972): avc:  denied  { noatsecure } for  pid=4142 comm="hostname" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:hostname_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756629.864:26973): avc:  denied  { read write } for  pid=4158 comm="java" path="/dev/pts/0" dev=devpts ino=3 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:initrc_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1311756629.864:26973): avc:  denied  { rlimitinh } for  pid=4158 comm="java" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756629.864:26973): avc:  denied  { noatsecure } for  pid=4158 comm="java" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756629.948:26974): avc:  denied  { execute_no_trans } for  pid=4158 comm="java" path="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java" dev=dm-0 ino=158371 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=file
type=AVC msg=audit(1311756630.023:26975): avc:  denied  { search } for  pid=4169 comm="java" name="/" dev=sysfs ino=1 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1311756630.023:26975): avc:  denied  { read } for  pid=4169 comm="java" name="cpu" dev=sysfs ino=22 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1311756630.023:26975): avc:  denied  { open } for  pid=4169 comm="java" name="cpu" dev=sysfs ino=22 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1311756630.023:26976): avc:  denied  { read } for  pid=4169 comm="java" name="meminfo" dev=proc ino=4026532015 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1311756630.023:26976): avc:  denied  { open } for  pid=4169 comm="java" name="meminfo" dev=proc ino=4026532015 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1311756630.023:26977): avc:  denied  { getattr } for  pid=4169 comm="java" path="/proc/meminfo" dev=proc ino=4026532015 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1311756630.054:26978): avc:  denied  { search } for  pid=4169 comm="java" name="nscd" dev=dm-0 ino=270054 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1311756630.054:26979): avc:  denied  { read } for  pid=4169 comm="java" name="nsswitch.conf" dev=dm-0 ino=391770 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1311756630.054:26979): avc:  denied  { open } for  pid=4169 comm="java" name="nsswitch.conf" dev=dm-0 ino=391770 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1311756630.054:26980): avc:  denied  { getattr } for  pid=4169 comm="java" path="/etc/nsswitch.conf" dev=dm-0 ino=391770 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1311756630.054:26981): avc:  denied  { read } for  pid=4169 comm="java" name="hsperfdata_tomcat" dev=dm-0 ino=667278 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756630.073:26982): avc:  denied  { signull } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756630.073:26983): avc:  denied  { write } for  pid=4169 comm="java" name="hsperfdata_tomcat" dev=dm-0 ino=667278 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756630.073:26983): avc:  denied  { add_name } for  pid=4169 comm="java" name="4168" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756630.073:26983): avc:  denied  { create } for  pid=4169 comm="java" name="4168" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756630.073:26983): avc:  denied  { read write open } for  pid=4169 comm="java" name="4168" dev=dm-0 ino=660834 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756630.073:26984): avc:  denied  { execmem } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756630.100:26985): avc:  denied  { search } for  pid=4169 comm="java" name="locale" dev=dm-0 ino=916954 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=dir
type=AVC msg=audit(1311756630.100:26985): avc:  denied  { read } for  pid=4169 comm="java" name="locale-archive" dev=dm-0 ino=918297 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=file
type=AVC msg=audit(1311756630.100:26985): avc:  denied  { open } for  pid=4169 comm="java" name="locale-archive" dev=dm-0 ino=918297 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=file
type=AVC msg=audit(1311756630.100:26986): avc:  denied  { getattr } for  pid=4169 comm="java" path="/usr/lib/locale/locale-archive" dev=dm-0 ino=918297 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=file
type=AVC msg=audit(1311756630.130:26987): avc:  denied  { getattr } for  pid=4169 comm="java" path="/usr/share/tomcat6/bin/bootstrap.jar" dev=dm-0 ino=21762 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=AVC msg=audit(1311756630.130:26988): avc:  denied  { read } for  pid=4169 comm="java" name="bootstrap.jar" dev=dm-0 ino=21762 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=AVC msg=audit(1311756630.130:26989): avc:  denied  { getattr } for  pid=4169 comm="java" path="/usr/share/tomcat6/bin/bootstrap-6.0.24.jar" dev=dm-0 ino=21761 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1311756630.132:26990): avc:  denied  { getattr } for  pid=4169 comm="java" path="/usr/share/java/commons-daemon.jar" dev=dm-0 ino=955750 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
type=AVC msg=audit(1311756630.132:26991): avc:  denied  { read } for  pid=4169 comm="java" name="commons-daemon.jar" dev=dm-0 ino=955750 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
type=AVC msg=audit(1311756630.138:26992): avc:  denied  { read } for  pid=4169 comm="java" name="bootstrap-6.0.24.jar" dev=dm-0 ino=21761 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1311756630.138:26992): avc:  denied  { open } for  pid=4169 comm="java" name="bootstrap-6.0.24.jar" dev=dm-0 ino=21761 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1311756630.150:26993): avc:  denied  { getattr } for  pid=4169 comm="java" path="/dev/random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.150:26994): avc:  denied  { getattr } for  pid=4169 comm="java" path="/dev/urandom" dev=devtmpfs ino=3598 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.151:26995): avc:  denied  { read } for  pid=4169 comm="java" name="random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.151:26995): avc:  denied  { open } for  pid=4169 comm="java" name="random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.151:26996): avc:  denied  { read } for  pid=4169 comm="java" name="urandom" dev=devtmpfs ino=3598 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.151:26996): avc:  denied  { open } for  pid=4169 comm="java" name="urandom" dev=devtmpfs ino=3598 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756630.534:26997): avc:  denied  { create } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.535:26998): avc:  denied  { read } for  pid=4169 comm="java" name="if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756630.535:26998): avc:  denied  { open } for  pid=4169 comm="java" name="if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756630.535:26999): avc:  denied  { getattr } for  pid=4169 comm="java" path="/proc/4168/net/if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756630.537:27000): avc:  denied  { create } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.537:27001): avc:  denied  { bind } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.538:27002): avc:  denied  { getattr } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.538:27003): avc:  denied  { write } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.538:27003): avc:  denied  { nlmsg_read } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.539:27004): avc:  denied  { read } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=netlink_route_socket
type=AVC msg=audit(1311756630.576:27005): avc:  denied  { read } for  pid=4169 comm="java" name="resolv.conf" dev=dm-0 ino=428217 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1311756630.576:27005): avc:  denied  { open } for  pid=4169 comm="java" name="resolv.conf" dev=dm-0 ino=428217 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1311756630.576:27006): avc:  denied  { getattr } for  pid=4169 comm="java" path="/etc/resolv.conf" dev=dm-0 ino=428217 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
type=AVC msg=audit(1311756630.609:27007): avc:  denied  { listen } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.609:27008): avc:  denied  { getattr } for  pid=4169 comm="java" lport=39503 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.609:27009): avc:  denied  { connect } for  pid=4169 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.609:27009): avc:  denied  { name_connect } for  pid=4169 comm="java" dest=39503 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756630.612:27010): avc:  denied  { accept } for  pid=4169 comm="java" lport=39503 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.612:27011): avc:  denied  { shutdown } for  pid=4169 comm="java" laddr=::1 lport=34577 faddr=::1 fport=39503 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.618:27012): avc:  denied  { write } for  pid=4169 comm="java" laddr=::ffff:127.0.0.1 lport=46494 faddr=::ffff:127.0.0.1 fport=8005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.618:27013): avc:  denied  { read } for  pid=3790 comm="java" laddr=::ffff:127.0.0.1 lport=8005 faddr=::ffff:127.0.0.1 fport=46494 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.620:27014): avc:  denied  { setopt } for  pid=3790 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.622:27015): avc:  denied  { name_connect } for  pid=3790 comm="java" dest=8080 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756630.624:27016): avc:  denied  { getopt } for  pid=3790 comm="java" laddr=::ffff:127.0.0.1 lport=53194 faddr=::ffff:127.0.0.1 fport=8080 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756630.640:27017): avc:  denied  { name_connect } for  pid=3790 comm="java" dest=8009 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756630.646:27018): avc:  denied  { remove_name } for  pid=4169 comm="java" name="4168" dev=dm-0 ino=660834 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756630.646:27018): avc:  denied  { unlink } for  pid=4169 comm="java" name="4168" dev=dm-0 ino=660834 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756631.645:27021): avc:  denied  { write } for  pid=3790 comm="java" name="_" dev=dm-0 ino=783390 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1311756631.645:27021): avc:  denied  { add_name } for  pid=3790 comm="java" name="SESSIONS.ser" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1311756631.645:27021): avc:  denied  { create } for  pid=3790 comm="java" name="SESSIONS.ser" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756631.645:27021): avc:  denied  { write open } for  pid=3790 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756631.647:27022): avc:  denied  { getattr } for  pid=3790 comm="java" path="/var/cache/tomcat6/work/Catalina/localhost/_/SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756631.718:27023): avc:  denied  { search } for  pid=3790 comm="java" name="www" dev=dm-0 ino=268005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756631.720:27024): avc:  denied  { open } for  pid=3790 comm="java" name="FCKeditor-2.3.jar" dev=dm-0 ino=300602 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1311756632.358:27025): avc:  denied  { write } for  pid=3790 comm="java" name="hsperfdata_tomcat" dev=dm-0 ino=667278 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756632.358:27025): avc:  denied  { remove_name } for  pid=3790 comm="java" name="3787" dev=dm-0 ino=667279 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756632.358:27025): avc:  denied  { unlink } for  pid=3790 comm="java" name="3787" dev=dm-0 ino=667279 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756632.962:27028): avc:  denied  { rlimitinh } for  pid=4210 comm="hostname" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:hostname_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756632.962:27028): avc:  denied  { noatsecure } for  pid=4210 comm="hostname" scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:system_r:hostname_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1311756632.986:27029): avc:  denied  { read write } for  pid=4226 comm="java" path="/dev/pts/0" dev=devpts ino=3 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:initrc_devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1311756632.989:27030): avc:  denied  { execute_no_trans } for  pid=4226 comm="java" path="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java" dev=dm-0 ino=158371 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:java_exec_t:s0 tclass=file
type=AVC msg=audit(1311756633.019:27033): avc:  denied  { read } for  pid=4240 comm="java" name="hsperfdata_tomcat" dev=dm-0 ino=667278 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756633.021:27034): avc:  denied  { add_name } for  pid=4240 comm="java" name="4236" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1311756633.021:27034): avc:  denied  { create } for  pid=4240 comm="java" name="4236" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756633.021:27034): avc:  denied  { read write open } for  pid=4240 comm="java" name="4236" dev=dm-0 ino=660834 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1311756633.097:27035): avc:  denied  { getattr } for  pid=4240 comm="java" path="/dev/random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756633.097:27036): avc:  denied  { read } for  pid=4240 comm="java" name="random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756633.097:27036): avc:  denied  { open } for  pid=4240 comm="java" name="random" dev=devtmpfs ino=3597 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC msg=audit(1311756633.124:27037): avc:  denied  { read } for  pid=4240 comm="java" name="zoneinfo" dev=dm-0 ino=914921 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=dir
type=AVC msg=audit(1311756633.124:27037): avc:  denied  { open } for  pid=4240 comm="java" name="zoneinfo" dev=dm-0 ino=914921 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=dir
type=AVC msg=audit(1311756633.128:27038): avc:  denied  { getattr } for  pid=4240 comm="java" path="/usr/share/zoneinfo/Canada" dev=dm-0 ino=915162 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=dir
type=AVC msg=audit(1311756633.130:27039): avc:  denied  { getattr } for  pid=4240 comm="java" path="/usr/share/javazi/ZoneInfoMappings" dev=dm-0 ino=143358 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1311756633.136:27040): avc:  denied  { read } for  pid=4240 comm="java" name="ZoneInfoMappings" dev=dm-0 ino=143358 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1311756633.136:27040): avc:  denied  { open } for  pid=4240 comm="java" name="ZoneInfoMappings" dev=dm-0 ino=143358 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1311756633.146:27041): avc:  denied  { search } for  pid=4240 comm="java" name="log" dev=dm-0 ino=262733 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_log_t:s0-s15:c0.c1023 tclass=dir
type=AVC msg=audit(1311756633.146:27041): avc:  denied  { getattr } for  pid=4240 comm="java" path="/var/log/tomcat6" dev=dm-0 ino=667389 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(1311756633.148:27042): avc:  denied  { search } for  pid=4240 comm="java" name="tomcat6" dev=dm-0 ino=667389 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(1311756634.599:27043): avc:  denied  { create } for  pid=4240 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.599:27044): avc:  denied  { read } for  pid=4240 comm="java" name="if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756634.599:27044): avc:  denied  { open } for  pid=4240 comm="java" name="if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756634.599:27045): avc:  denied  { getattr } for  pid=4240 comm="java" path="/proc/4236/net/if_inet6" dev=proc ino=4026532410 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
type=AVC msg=audit(1311756634.599:27046): avc:  denied  { listen } for  pid=4240 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.599:27047): avc:  denied  { getattr } for  pid=4240 comm="java" lport=43128 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.601:27048): avc:  denied  { connect } for  pid=4240 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.601:27049): avc:  denied  { accept } for  pid=4240 comm="java" lport=43128 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.601:27050): avc:  denied  { shutdown } for  pid=4240 comm="java" laddr=::1 lport=48766 faddr=::1 fport=43128 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.603:27051): avc:  denied  { setopt } for  pid=4240 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.603:27052): avc:  denied  { bind } for  pid=4240 comm="java" scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.603:27052): avc:  denied  { name_bind } for  pid=4240 comm="java" src=8080 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756634.603:27052): avc:  denied  { node_bind } for  pid=4240 comm="java" src=8080 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:node_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756634.673:27053): avc:  denied  { getattr } for  pid=4240 comm="java" path="/var/lib" dev=dm-0 ino=261122 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1311756634.677:27054): avc:  denied  { getattr } for  pid=4240 comm="java" path="/var/www" dev=dm-0 ino=268005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756634.716:27055): avc:  denied  { read } for  pid=4240 comm="java" name="jsp3" dev=dm-0 ino=302569 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756634.749:27056): avc:  denied  { open } for  pid=4240 comm="java" name="lib" dev=dm-0 ino=302718 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756635.023:27057): avc:  denied  { read } for  pid=4240 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756635.083:27058): avc:  denied  { remove_name } for  pid=4240 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1311756635.083:27058): avc:  denied  { unlink } for  pid=4240 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756635.107:27059): avc:  denied  { read } for  pid=4240 comm="java" name="_" dev=dm-0 ino=783390 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1311756635.202:27060): avc:  denied  { name_bind } for  pid=4240 comm="java" src=8009 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756635.240:27061): avc:  denied  { name_bind } for  pid=4240 comm="java" src=8005 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756640.017:27062): avc:  denied  { read } for  pid=4255 comm="java" laddr=::ffff:127.0.0.1 lport=8009 faddr=::ffff:127.0.0.1 fport=34097 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756640.246:27063): avc:  denied  { write } for  pid=4255 comm="java" laddr=::ffff:127.0.0.1 lport=8009 faddr=::ffff:127.0.0.1 fport=34097 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1311756697.121:27064): avc:  denied  { write } for  pid=4254 comm="java" name="Image" dev=dm-0 ino=302720 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1311756697.121:27064): avc:  denied  { rename } for  pid=4254 comm="java" name="upload_00000000.tmp" dev=dm-0 ino=667279 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756717.174:27065): avc:  denied  { read } for  pid=4261 comm="java" name="work" dev=dm-0 ino=21771 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file

Comment 2 benedictziv 2011-07-27 11:25:23 UTC
I wonder whether it is needed to write some policy for tomcat like apache. Let the tomcat run in the type of tomcat_t or other special type.

Comment 4 Daniel Walsh 2011-07-29 12:50:20 UTC
unconfined_java_t should not even exist on an MLS box.  There should be no unconfined domains.

The proper way to handle this would be to leave java in the initrc_t domain.

Comment 5 Miroslav Grepl 2011-07-29 13:07:18 UTC
Yes, but the problem is we have

type unconfined_java_t;
init_system_domain(unconfined_java_t, java_exec_t)


So this should be only for targeted policy.

Comment 6 Daniel Walsh 2011-07-29 13:30:50 UTC
Yes.

Comment 7 Daniel Walsh 2011-07-29 13:31:52 UTC
I actually think we should start pulling back from running java from init scripts altogether.  And allow initrc_t execmem execstack if the unconfined module is installed.

Comment 9 Miroslav Grepl 2011-08-10 15:57:49 UTC
Fixed in selinux-policy-3.7.19-107.el6

Comment 11 benedictziv 2011-08-26 02:19:43 UTC
I wonder whether it is necessary to write a module for tomcat6 to let tomcat6 run in a domain like tomcat6_t.

Comment 14 Miroslav Grepl 2011-10-21 12:24:24 UTC
tomcat6 is running as initrc_t in MLS which is correct. Which means we don't support it in MLS.

Comment 16 Daniel Walsh 2011-10-21 13:50:09 UTC
We do not support all domains in MLS policy.
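
Added example (not part of the original bug report or of selinux-policy): a small triage script for AVC records like the ones quoted above. It merges denied permissions per source type, target type and class, splits the MLS range out of each context, and lists source domains whose type name starts with unconfined_, the condition Comment 4 says should not occur on an MLS system. The function names are hypothetical and the name-prefix test is a heuristic assumption, not a policy query.

```python
import re
from collections import defaultdict

# Four denial records copied verbatim from the audit log quoted in this bug.
SAMPLE_LOG = """\
type=AVC msg=audit(1311756634.603:27052): avc:  denied  { name_bind } for  pid=4240 comm="java" src=8080 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1311756635.023:27057): avc:  denied  { read } for  pid=4240 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756635.083:27058): avc:  denied  { unlink } for  pid=4240 comm="java" name="SESSIONS.ser" dev=dm-0 ino=783373 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1311756635.202:27060): avc:  denied  { name_bind } for  pid=4240 comm="java" src=8009 scontext=system_u:system_r:unconfined_java_t:s0-s15:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)")

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level can itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else ""
    low, _, high = level.partition("-")  # "s0-s15:c0.c1023" -> low/high
    return {"type": parts[2], "low": low, "high": high or low}

def parse_denials(log_text):
    """Yield one dict per AVC denial; non-AVC lines are skipped."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield {"perms": m["perms"].split(), "tclass": m["tclass"],
                   "source": split_context(m["scon"]),
                   "target": split_context(m["tcon"])}

def summarize(log_text):
    """Merge denied permissions per (source type, target type, class)."""
    groups = defaultdict(set)
    for d in parse_denials(log_text):
        key = (d["source"]["type"], d["target"]["type"], d["tclass"])
        groups[key].update(d["perms"])
    return dict(groups)

def unconfined_sources(log_text):
    """Source types named unconfined_* (name heuristic, an assumption)."""
    return sorted({d["source"]["type"] for d in parse_denials(log_text)
                   if d["source"]["type"].startswith("unconfined_")})

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("unconfined source domains:", unconfined_sources(SAMPLE_LOG))
```

On the sample, the read and unlink denials on SESSIONS.ser collapse into one var_t:file entry, and the only source domain reported is unconfined_java_t.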