selinux issue

Daniel J Walsh dwalsh at redhat.com
Thu Feb 12 20:57:16 UTC 2009


John Oliver wrote:
> On Tue, Feb 10, 2009 at 02:58:38PM -0500, Daniel J Walsh wrote:
>> # grep execstack /var/log/audit/audit.log | audit2allow -M myexecstack
>> # semodule -i myexecstack.pp
> 
> [root@localhost ~]# semodule -i valicert.pp
> tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with a
> defined context in /etc/selinux/targeted/contexts/files/file_contexts,
> /usr/sbin/genhomedircon will not create a new context. This usually
> indicates an incorrectly defined system account.  If it is a system
> account please make sure its login shell is /sbin/nologin.
> 
> 
> The tomcat user appears to require a valid shell.  And I cannot find any
> reference to /usr/share/tomcat5 in
> /etc/selinux/targeted/contexts/files/file_contexts
> 
> Thanks!
> 
The conflict is /usr/share.  The parent to the homedir.

Can you set up tomcat5 with a UID < 500?





More information about the fedora-selinux-list mailing list