selinux prevents tomcat from starting due to the setsched permission missing

Solution Verified - Updated -

Issue

  • selinux does not allow the tomcat service to start
  • selinux prevents tomcat_t domain from the setsched permission
  • After updating the selinux-policy package to version 3.13.1-166.el7.noarch, tomcat service does not start any longer due to an AVC denial

Environment

RHEL 7.4
selinux-policy-3.13.1-166.el7_4.4.noarch
tomcat-7.0.76-2.el7.noarch
java-1.8.0-ibm-1.8.0.4.10-1jpp.3.el7.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.