[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: selinux issue

From: Daniel J Walsh <dwalsh redhat com>
To: John Oliver <joliver john-oliver net>
Cc: fedora-selinux-list redhat com
Subject: Re: selinux issue
Date: Thu, 12 Feb 2009 15:57:16 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Oliver wrote:
> On Tue, Feb 10, 2009 at 02:58:38PM -0500, Daniel J Walsh wrote:
>> # grep execstack /var/log/audit/audit.log | audit2allow -M myexecstack
>> # semodule -i myexecstack.pp
> 
> [root localhost ~]# semodule -i valicert.pp
> tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with
> a
> defined context in /etc/selinux/targeted/contexts/files/file_contexts,
> /usr/sbin/genhomedircon will not create a new context. This usually
> indicates an incorrectly defined system account.  If it is a system
> account please make sure its login shell is /sbin/nologin.
> 
> 
> The tomcat user appears to require a valid shell.  And I cannot find any
> reference to /usr/share/tomcat5 in
> /etc/selinux/targeted/contexts/files/file_contexts
> 
> Thanks!
> 
The conflict is /usr/share.  The parent to the homedir.

Can you setup tomcat5 with a UID < 500?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmUjSwACgkQrlYvE4MpobP5NACdH/USmuMmBybAk127mZvNaF1g
npUAoNbUimBXs+bqth2ONlwA4+XsQx+u
=np2Q
-----END PGP SIGNATURE-----

References:
- Re: selinux issue
  - From: John Oliver

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]