Tomcat 6 won't start under FC12

[esb4me]

Trying to start Tomcat6, I get the following in catalina.out

dl failure on line 696Error: failed /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so, because /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so: cannot enable executable stack as shared object requires: Permission denied


Any ideas anyone?

[arrow2315]

Edit: Hi, finally I grokked it.

as root

setsebool -P allow_execstack 1

( before I tried to set the boolean with the gui SELLINUX Interface what did not work.)

Then in the firewall enable

ports 8080, 8009, 8443

Install tomcat6-admin-webapps and the rest via System-> add/remove software ( GNOME) ( search for tomcat6 )

and edit /etc/tomcat6/tomcat-users.xml

That' s it. With http://<yourhostname>:8080/tomcat/manager/html you will get the manager interface.
For troubleshooting: The tomcat logs are under /var/log/tomcat6

catalina.out is the most informative

regards

arrow

p.s I had the test repos enabled and did not check if install runs without


-----obsolete -------

I tried to chage the corresponding boolean value for SELINUX. Does not work. Here the error message from SELINUX AFTER changing "java - allow executable stack " to true.

I go on trying and will post if of success

regards

arrow


Summary:

SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java
"execstack" access on <Unknown>.

Detailed Description:

SELinux denied access requested by java. The current boolean settings do not
allow this access. If you have not setup java to require this access this may
signal an intrusion attempt. If you do intend this access you need to change the
booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
allow_execstack is set incorrectly.
Boolean Description:
Allow unconfined executables to make their stack executable. This should never,
ever be necessary. Probably indicates a badly coded executable, but could
indicate an attack. This executable should be reported in bugzilla")


Fix Command:

# setsebool -P allow_execstack 1

Additional Information:

Source Context system_u:system_r:initrc_t:s0
Target Context system_u:system_r:initrc_t:s0
Target Objects None [ process ]
Source java
Source Path /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java
Port <Unknown>
Host mond
Source RPM Packages java-1.6.0-openjdk-devel-1.6.0.0-33.b16.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-46.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall_boolean
Host Name mond
Platform Linux mond 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat
Nov 7 21:25:57 EST 2009 i686 athlon
Alert Count 3
First Seen Sat 21 Nov 2009 01:50:49 PM CET
Last Seen Sat 21 Nov 2009 01:50:49 PM CET

Raw Audit Messages

node=mond type=AVC msg=audit(1258807849.364:154): avc: denied { execstack } for pid=9127 comm="java" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=mond type=SYSCALL msg=audit(1258807849.364:154): arch=40000003 syscall=125 success=no exit=-13 a0=bfe16000 a1=1000 a2=1000007 a3=bfe12f40 items=0 ppid=1 pid=9127 auid=4294967295 uid=91 gid=91 euid=91 suid=91 fsuid=91 egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java" subj=system_u:system_r:initrc_t:s0 key=(null)
--------------------------------

[esb4me]

Thanks,

#setsebool -P allow_execstack 1

did work.

After reading http://danwalsh.livejournal.com/13716.html and http://danwalsh.livejournal.com/6117.html, I then tried

#execstack -c /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so

and this seemed to work also.

I also wonder why nothing appeared in the setroubleshootd.log in the first place.

[JoelF]

I also encountered this and as encouraged by SELinux-troubleshoot, I opened a bugzilla ticket for it.