[java-sig-commits] [Bug 797928] jetty-8.1.0-4.fc17.noarch causes SELinux AVCs, won't start in enforcing mode
bugzilla at redhat.com
bugzilla at redhat.com
Mon Feb 27 16:49:56 UTC 2012
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=797928
--- Comment #4 from Daniel Walsh <dwalsh at redhat.com> 2012-02-27 11:49:54 EST ---
Stanisav, the reason it is working for you versus Tom, is Tom runs his machine
with a much more locked down environment. Tom's system has unconfined.pp
disabled meaning, he does not have any unconfined domains running on his box.
jetty is running as initrc_t which is an unconfined domain, and thus works on
your box. We have changed the labeling on the lates policy to run jetty under
the same label as httpd.
The only problem I am aware of now is that jetty needs to have the
httpd_execmem boolean turned on to work and you are writing to your log files
rather then appending to them. SELinux will prevent this.
We might want to turn on the httpd_execmem boolean in your post install or turn
it on and off when you start and stop the service.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the java-sig-commits
mailing list