JBoss Web Server / JWS-1021

Systemd service unit can't start due to SELinux denial

      Do not run `.postinstall.selinux` for JWS 5.0 until this issue has been resolved or a better workaround has been documented.

      1. Install JWS 5.0 from zip and configure
      2. Run `.postinstall.systemd` and enable `jws5-tomcat.service`
      3. Run `yum install -y selinux-policy-devel`
      4. Run:
        cd <JWS_home>/tomcat/
        sh .postinstall.selinux
        cd selinux
        make -f /usr/share/selinux/devel/Makefile
        semodule -i jws5-tomcat.pp
      5. Apply SELinux contexts to the tomcat folder: `restorecon -r <JWS_home>/tomcat/`
      6. Run `systemctl start jws5-tomcat.service`

      When trying to run JWS 5.0 using systemd for .zip installs on RHEL 7, systemd is unable to execute tomcat/bin/startup.sh due to SELinux permissions once the postinstall has been set up.
      The SELinux denial is in the attached file.
      It looks like the wrong context is being applied:

      # ll -Z /opt/jws-5.0/tomcat/
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_exec_t:s0 bin
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   conf
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:lib_t:s0   lib
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_log_t:s0 logs
      drwxr-xr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   selinux
      drwxr-xr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   services
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_cache_t:s0 temp
      drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_var_lib_t:s0 webapps
      drwxr-x---. tomcat tomcat system_u:object_r:jws5_tomcat_cache_t:s0 work
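
For triage, the listing above can be summarised mechanically to see which top-level directories carry a `jws5_tomcat_*` type and which still have generic types such as `usr_t` or `lib_t`. This is an added example, not part of the original issue or the JWS scripts; the function names are hypothetical, and the prefix `jws5_tomcat_` is taken from the types visible in the listing.

```shell
#!/bin/sh
# Added example (not from the issue): summarise SELinux labels in `ls -Z` output.

# Constructed input: the directory listing quoted in the issue description.
sample_listing() {
cat <<'EOF'
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_exec_t:s0 bin
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   conf
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:lib_t:s0   lib
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_log_t:s0 logs
drwxr-xr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   selinux
drwxr-xr-x. tomcat tomcat unconfined_u:object_r:usr_t:s0   services
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_cache_t:s0 temp
drwxrwxr-x. tomcat tomcat unconfined_u:object_r:jws5_tomcat_var_lib_t:s0 webapps
drwxr-x---. tomcat tomcat system_u:object_r:jws5_tomcat_cache_t:s0 work
EOF
}

# context_report: read `ls -Z` lines on stdin, print "name user type" per entry.
# The context is found by its shape (user:role:type:level), so the RHEL 7
# layout above and the longer `ls -lZ` layout are both accepted.
# Limitation: names containing whitespace are reported by their last word.
context_report() {
  awk '{
    for (i = 1; i <= NF; i++)
      if (split($i, c, ":") >= 4 && c[2] ~ /_r$/) {
        print $NF, c[1], c[3]
        break
      }
  }'
}

# non_module_entries PREFIX: names whose type does not start with PREFIX.
non_module_entries() {
  context_report | awk -v p="$1" 'index($3, p) != 1 { print $1 }'
}

# type_summary: "count type" lines, sorted by type name.
type_summary() {
  context_report | awk '{ n[$3]++ } END { for (t in n) print n[t], t }' | sort -k2
}

echo "Entries without a jws5_tomcat_ type:"
sample_listing | non_module_entries jws5_tomcat_
echo "Entries per type:"
sample_listing | type_summary
```

On the affected host, `matchpathcon -V <path>` reports whether a path's on-disk label matches the default in the loaded policy, which separates a labelling problem from a policy-rule problem.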
      

            rhn-support-csutherl Coty Sutherland
            tkelly@redhat.com Tyler Kelly (Inactive)
            Jan Onderka Jan Onderka