-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Oliver wrote: > On Tue, Feb 10, 2009 at 02:58:38PM -0500, Daniel J Walsh wrote: >> # grep execstack /var/log/audit/audit.log | audit2allow -M myexecstack >> # semodule -i myexecstack.pp > > [root@localhost ~]# semodule -i valicert.pp > tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with > a > defined context in /etc/selinux/targeted/contexts/files/file_contexts, > /usr/sbin/genhomedircon will not create a new context. This usually > indicates an incorrectly defined system account. If it is a system > account please make sure its login shell is /sbin/nologin. > > > The tomcat user appears to require a valid shell. And I cannot find any > reference to /usr/share/tomcat5 in > /etc/selinux/targeted/contexts/files/file_contexts > > Thanks! > The conflict is /usr/share. The parent to the homedir. Can you setup tomcat5 with a UID < 500? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmUjSwACgkQrlYvE4MpobP5NACdH/USmuMmBybAk127mZvNaF1g npUAoNbUimBXs+bqth2ONlwA4+XsQx+u =np2Q -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
