Bug
Resolution: Done
Major
JWS 3.1.0 GA
None
Workaround Exists
+++ This bug was initially created as a clone of Bug #1491039 +++
SELinux is denying tomcat from binding to port 9999 for JMX, with the following AVC denial in /var/log/audit.log:
type=AVC msg=audit(1505248782.641:3017): avc: denied { name_bind } for pid=10189 comm="java" src=9999 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:jboss_management_port_t:s0 tclass=tcp_socket
This worked without issue in previous versions of the targeted policy.
Version-Release number of selected component (if applicable):
- selinux-policy-targeted-3.13.1-166.el7.noarch
- RHEL 7.4
How reproducible:
Always
Steps to Reproduce:
1. Create a new RHEL 7.4 machine
2. yum install tomcat
3. Add the following to /etc/sysconfig/tomcat
JAVA_OPTS="-Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.rmi.port=9999 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false "
4. systemctl start tomcat.service
Actual results:
AVC denial
Expected results:
A successful bind, like previous versions of the policy.
is caused by: JWS-695 tomcat7_t and tomcat8_t domains are in unconfined_domain (Closed)
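For triaging denials like the one quoted in this report, the following added example (not part of the original bug report or of the selinux-policy project) parses AVC records and lists `name_bind` denials by source domain, port and port type. The first sample record is the one from the report; the other two are constructed, and the function names are hypothetical.

```python
import re

# First record: the denial quoted in the report. The other two are constructed
# for illustration (a non-bind denial and a non-AVC record to be skipped).
SAMPLE_LOG = """\
type=AVC msg=audit(1505248782.641:3017): avc: denied { name_bind } for pid=10189 comm="java" src=9999 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:jboss_management_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1505248790.100:3020): avc: denied { read } for pid=10200 comm="cat" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1505248790.100:3020): arch=c000003e syscall=2 success=no
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for anything else."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    # A context is user:role:type:level; the type is always the third field,
    # even when the MLS level itself contains colons.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def bind_denials(log_text):
    """List (source domain, port, port type, class) for name_bind denials."""
    out = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and "name_bind" in rec["perms"] and "src" in rec
                and rec.get("tclass", "").endswith("_socket")):
            out.append((rec["source_type"], int(rec["src"]),
                        rec["target_type"], rec["tclass"]))
    return out

if __name__ == "__main__":
    for domain, port, port_type, tclass in bind_denials(SAMPLE_LOG):
        print(f"{domain} denied name_bind on {tclass} port {port} ({port_type})")
```

The port type in the output (`jboss_management_port_t` here) is the label the policy assigns to the port, which is what the `tomcat_t` domain lacked permission to bind.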