tomcat_t domain made confined in RHEL 7.4

Solution Verified

Issue

  • After updating the selinux-policy package to version 3.13.1-166.el7.noarch, the tomcat service no longer starts because of an AVC denial
  • SELinux does not allow the tomcat service to start after the update to RHEL 7.4
  • SELinux denies the setsched permission for the tomcat_t domain
  • SELinux denies name_bind to jboss_management_port_t for tomcat_t
  • SELinux denies name_connect to mssql_port_t for tomcat_t
  • SELinux denies name_connect to mysql_port_t for tomcat_t
  • SELinux denies name_bind access on the tcp_socket port 8082
  • tomcat fails to start via the tomcat-jsvc service startup due to SELinux denials
  • SELinux blocks the ocf:heartbeat:tomcat resource from starting

Environment

RHEL 7.4
tomcat
selinux-policy-3.13.1-166.el7_4.4
