tomcat_t domain made confined in RHEL 7.4

Solution Verified - Updated -

Issue

  • After updating the selinux-policy package to version 3.13.1-166.el7.noarch, the tomcat service no longer starts because of an AVC denial
  • SELinux does not allow the tomcat service to start after the update to RHEL 7.4
  • SELinux denies the setsched permission for the tomcat_t domain
  • SELinux denies name_bind to jboss_management_port_t for tomcat_t
  • SELinux denies name_connect to mssql_port_t for tomcat_t
  • SELinux denies name_connect to mysql_port_t for tomcat_t
  • SELinux denies name_bind access on the tcp_socket port 8082
  • tomcat fails to start via the tomcat-jsvc service startup due to SELinux denials
  • SELinux blocks the ocf:heartbeat:tomcat resource from starting

Environment

RHEL 7.4
tomcat
selinux-policy-3.13.1-166.el7_4.4
