On a newly built Oracle Linux 8 server I added a drive and file system, then put Apache Tomcat on that file system via the tarball. Now when starting Tomcat via a services file, I get an error saying Tomcat has not started, and my journalctl file shows the following:
Apr 04 09:53:17 t-einv systemd[1]: Failed to start Apache Tomcat Web Application Container.
-- Subject: Unit tomcat.service has failed
-- Defined-By: systemd
-- Support: https://support.oracle.com
-- Unit tomcat.service has failed.
-- The result is failed.
Apr 04 09:53:17 t-einv setroubleshoot[2924]: AnalyzeThread.run(): Cancel pending alarm
Apr 04 09:53:17 t-einv setroubleshoot[2924]: SELinux is preventing /usr/lib/systemd/systemd from execute_no_trans access on the file /u01/tomcat/bin/startup.sh. For complete SELinux messages run: sealert -l 97dddf7a-4f8a-4>
Apr 04 09:53:17 t-einv setroubleshoot[2924]: SELinux is preventing /usr/lib/systemd/systemd from execute_no_trans access on the file /u01/tomcat/bin/startup.sh.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd should be allowed execute_no_trans access on the startup.sh file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(artup.sh)' --raw | audit2allow -M my-artupsh
# semodule -X 300 -i my-artupsh.pp
Apr 04 09:53:17 t-einv setroubleshoot[2924]: AnalyzeThread.run(): Set alarm timeout to 10
Running ls -FlasZ on the tomcat/bin directory shows the following SELinux policies on startup.sh:
unconfined_u:object_r:default_t:s0 1904 Apr 3 09:27 startup.sh*
Any ideas on how to change the policy permanently to get this running?