Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: JWS 5.0_RHEL DR1
Affects Version/s: JWS 3.1.0 GA
Component/s: selinux, tomcat
Labels:
None

Target Release:

JWS 5.0_RHEL_GA

SFDC Cases Links:
SFDC Cases Counter:

Description

+++ This bug was initially created as a clone of Bug #1484572 +++
SELinux is denying tomcat from connecting to Microsoft SQL Server on port 1433, with the following AVC denial in /var/log/audit.log

type=AVC msg=audit(1503434074.102:50305): avc:  denied  { name_connect } for  pid=4488 comm="java" dest=1433 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mssql_port_t:s0 tclass=tcp_socket

This worked without issue in previous versions of the targeted policy.

Version-Release number of selected component (if applicable):

selinux-policy-targeted-3.13.1-166.el7.noarch
RHEL 7.4

How reproducible:
Always

Steps to Reproduce:
1. Create a new RHEL 7.4 machine
2. yum install tomcat; systemctl start tomcat.service
3. Install a tomcat application that will connect to an existing MS SQL server.

Actual results:
AVC denial

Expected results:
A successful connection, like previous versions of the policy.

Attachments

Issue Links

is caused by

JWS-695 tomcat7_t and tomcat8_t domains are in unconfined_domain

Closed

links to

RH BZ 1484572

Activity

People

Assignee:: Coty Sutherland

Reporter:: Coty Sutherland

Tester:: Jan Onderka

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017/09/15 10:05 AM

Updated:: 2020/09/30 1:21 PM

Resolved:: 2018/02/28 8:55 AM