On Tue, Feb 10, 2009 at 02:58:38PM -0500, Daniel J Walsh wrote:
# grep execstack /var/log/audit/audit.log | audit2allow -M myexecstack
# semodule -i myexecstack.pp
[root@localhost ~]# semodule -i valicert.pp
tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with a defined context in /etc/selinux/targeted/contexts/files/file_contexts, /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
The tomcat user appears to require a valid shell. And I cannot find any reference to /usr/share/tomcat5 in /etc/selinux/targeted/contexts/files/file_contexts
Thanks!
John Oliver wrote:
On Tue, Feb 10, 2009 at 02:58:38PM -0500, Daniel J Walsh wrote:
# grep execstack /var/log/audit/audit.log | audit2allow -M myexecstack
# semodule -i myexecstack.pp
[root@localhost ~]# semodule -i valicert.pp
tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with a defined context in /etc/selinux/targeted/contexts/files/file_contexts, /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.
The tomcat user appears to require a valid shell. And I cannot find any reference to /usr/share/tomcat5 in /etc/selinux/targeted/contexts/files/file_contexts
Thanks!
The conflict is /usr/share. The parent to the homedir.
Can you set up tomcat5 with a UID < 500?
selinux@lists.fedoraproject.org
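
The check discussed in the thread above, as an added example that is not part of the original messages and is not genhomedircon's own code: it scans passwd-format input for accounts that look like login users (UID at or above 500, shell other than /sbin/nologin) whose home directory sits directly under a system directory. The UID threshold and the nologin rule come from the thread; the list of system parent directories, the function names and the sample passwd lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. Assumptions taken from the thread, not from genhomedircon's source:
#   - UID >= MIN_UID with a shell other than /sbin/nologin is treated as a login user
#   - a home directory whose parent is a system directory triggers the conflict warning
MIN_UID=500
SYSTEM_PARENTS="/usr /usr/share /var /var/lib /etc"   # constructed list, adjust per system

# Constructed sample input in /etc/passwd format (UIDs are made up).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tomcat:x:501:501:Tomcat:/usr/share/tomcat5:/bin/sh
alice:x:502:502:Alice:/home/alice:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
svc:x:503:503:Service:/var/lib/svc:/sbin/nologin
EOF
}

# find_homedir_conflicts: reads passwd-format lines on stdin and prints
# "user uid home shell" for every account that matches the conflict pattern.
find_homedir_conflicts() {
    awk -F: -v min="$MIN_UID" -v parents="$SYSTEM_PARENTS" '
        BEGIN { n = split(parents, p, " "); for (i = 1; i <= n; i++) sys[p[i]] = 1 }
        /^#/ || NF < 7 { next }                  # skip comments and malformed lines
        {
            uid = $3 + 0; home = $6; shell = $7
            if (uid < min) next                  # system UID range: not a login user
            if (shell == "/sbin/nologin") next   # no login shell: not a login user
            parent = home
            sub("/+$", "", parent)               # drop trailing slashes
            sub("/[^/]*$", "", parent)           # strip the last path component
            if (parent == "") parent = "/"
            if (parent in sys) print $1, uid, home, shell
        }'
}

# Run against the constructed sample; on a real host use: find_homedir_conflicts < /etc/passwd
sample_passwd | find_homedir_conflicts
```

An account reported here can be cleared in either of the two ways mentioned in the thread: give it a UID below 500, or set its shell to /sbin/nologin if the service does not need one.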