tomcat_t domain made confined in RHEL 7.4
Issue
- After updating the selinux-policy package to version 3.13.1-166.el7.noarch, tomcat service does not start any longer due to an AVC denial
- SELinux does not allow the tomcat service to start after update to RHEL 7.4
- SELinux denies the
setsched
permission for thetomcat_t
domain - SELinux denies
name_bind
tojboss_management_port_t
fortomcat_t
- SELinux denies
name_connect
tomssql_port_t
fortomcat_t
- SELinux denies
name_connect
tomysql_port_t
fortomcat_t
- SELinux denies
name_bind
access on thetcp_socket
port8082
- tomcat fails to start via the tomcat-jsvc service startup due to selinux denials
- selinux blocks starting of the ocf:heartbeat:tomcat resource
Environment
RHEL 7.4
tomcat
selinux-policy-3.13.1-166.el7_4.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.