Description of problem:
After initial setup of pki-tks (-> wizard) was done, I restarted the pki-tks service unsuccessfully.

SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java from 'getattr' accesses on the directory /var/cache/tomcat6/temp.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that java should be allowed getattr access on the temp directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep java /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:pki_tks_t:s0
Target Context                system_u:object_r:tomcat_cache_t:s0
Target Objects                /var/cache/tomcat6/temp [ dir ]
Source                        java
Source Path                   /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           java-1.7.0-openjdk-1.7.0.25-2.3.10.3.fc17.x86_64
Target RPM Packages           tomcat6-6.0.35-1.fc17.noarch
Policy RPM                    selinux-policy-3.10.0-170.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.8-100.fc17.x86_64 #1 SMP Thu Jun 27 19:19:57 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-07-04 16:02:18 CEST
Last Seen                     2013-07-04 16:02:18 CEST
Local ID                      d6a18be0-8adb-441d-a3ff-872f098164c6

Raw Audit Messages
type=AVC msg=audit(1372946538.89:256): avc: denied { getattr } for pid=7421 comm="java" path="/var/cache/tomcat6/temp" dev="dm-1" ino=528473 scontext=system_u:system_r:pki_tks_t:s0 tcontext=system_u:object_r:tomcat_cache_t:s0 tclass=dir

type=SYSCALL msg=audit(1372946538.89:256): arch=x86_64 syscall=stat success=no exit=EACCES a0=7f56882e6a60 a1=7f568cb44f10 a2=7f568cb44f10 a3=18 items=0 ppid=1 pid=7421 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 ses=4294967295 tty=(none) comm=java exe=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/bin/java subj=system_u:system_r:pki_tks_t:s0 key=(null)

Hash: java,pki_tks_t,tomcat_cache_t,dir,getattr

audit2allow

#============= pki_tks_t ==============
allow pki_tks_t tomcat_cache_t:dir getattr;

audit2allow -R

#============= pki_tks_t ==============
allow pki_tks_t tomcat_cache_t:dir getattr;

Additional info:
hashmarkername: setroubleshoot
kernel:         3.9.8-100.fc17.x86_64
type:           libreport

Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.