Fedora Linux Support Community & Resources Center
  #1  
Old 20th November 2009, 06:56 PM
esb4me Offline
Registered User
 
Join Date: Nov 2007
Posts: 7
linuxfedorafirefox
Tomcat 6 won't start under FC12

Trying to start Tomcat6, I get the following in catalina.out

dl failure on line 696Error: failed /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so, because /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so: cannot enable executable stack as shared object requires: Permission denied


Any ideas anyone?
Reply With Quote
  #2  
Old 21st November 2009, 01:07 PM
arrow2315 Offline
Registered User
 
Join Date: Jun 2009
Posts: 16
linuxfedorafirefox
tomcat Probles F 12 - setsebool -P allow_execstack 1 - might do

Edit: Hi, finally I grokked it.

as root

setsebool -P allow_execstack 1

( before I tried to set the boolean with the gui SELLINUX Interface what did not work.)

Then in the firewall enable

ports 8080, 8009, 8443

Install tomcat6-admin-webapps and the rest via System-> add/remove software ( GNOME) ( search for tomcat6 )

and edit /etc/tomcat6/tomcat-users.xml

That' s it. With http://<yourhostname>:8080/tomcat/manager/html you will get the manager interface.
For troubleshooting: The tomcat logs are under /var/log/tomcat6

catalina.out is the most informative

regards

arrow

p.s I had the test repos enabled and did not check if install runs without


-----obsolete -------

I tried to chage the corresponding boolean value for SELINUX. Does not work. Here the error message from SELINUX AFTER changing "java - allow executable stack " to true.

I go on trying and will post if of success

regards

arrow


Summary:

SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java
"execstack" access on <Unknown>.

Detailed Description:

SELinux denied access requested by java. The current boolean settings do not
allow this access. If you have not setup java to require this access this may
signal an intrusion attempt. If you do intend this access you need to change the
booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
allow_execstack is set incorrectly.
Boolean Description:
Allow unconfined executables to make their stack executable. This should never,
ever be necessary. Probably indicates a badly coded executable, but could
indicate an attack. This executable should be reported in bugzilla")


Fix Command:

# setsebool -P allow_execstack 1

Additional Information:

Source Context system_u:system_r:initrc_t:s0
Target Context system_u:system_r:initrc_t:s0
Target Objects None [ process ]
Source java
Source Path /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java
Port <Unknown>
Host mond
Source RPM Packages java-1.6.0-openjdk-devel-1.6.0.0-33.b16.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-46.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall_boolean
Host Name mond
Platform Linux mond 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat
Nov 7 21:25:57 EST 2009 i686 athlon
Alert Count 3
First Seen Sat 21 Nov 2009 01:50:49 PM CET
Last Seen Sat 21 Nov 2009 01:50:49 PM CET

Raw Audit Messages

node=mond type=AVC msg=audit(1258807849.364:154): avc: denied { execstack } for pid=9127 comm="java" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=mond type=SYSCALL msg=audit(1258807849.364:154): arch=40000003 syscall=125 success=no exit=-13 a0=bfe16000 a1=1000 a2=1000007 a3=bfe12f40 items=0 ppid=1 pid=9127 auid=4294967295 uid=91 gid=91 euid=91 suid=91 fsuid=91 egid=91 sgid=91 fsgid=91 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/bin/java" subj=system_u:system_r:initrc_t:s0 key=(null)
--------------------------------

Last edited by arrow2315; 21st November 2009 at 02:36 PM. Reason: improving usefulness
Reply With Quote
  #3  
Old 22nd November 2009, 09:29 AM
esb4me Offline
Registered User
 
Join Date: Nov 2007
Posts: 7
linuxfedorafirefox
execstack -c

Thanks,

#setsebool -P allow_execstack 1

did work.

After reading http://danwalsh.livejournal.com/13716.html and http://danwalsh.livejournal.com/6117.html, I then tried

#execstack -c /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client/libjvm.so

and this seemed to work also.

I also wonder why nothing appeared in the setroubleshootd.log in the first place.
Reply With Quote
  #4  
Old 22nd November 2009, 04:26 PM
JoelF Offline
Registered User
 
Join Date: Nov 2009
Posts: 2
linuxfedorakonqueror
I also encountered this and as encouraged by SELinux-troubleshoot, I opened a bugzilla ticket for it.
Reply With Quote
Reply

Tags
fc12, start, tomcat

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomcat5 trouble on Fedora Core 6, how do I start tomcat 5? tomzam Servers & Networking 17 1st May 2012 02:26 PM
Fedora 10 Tomcat 6 Won't Start ole_ersoy Using Fedora 0 27th December 2008 11:46 PM
Tomcat Plugin for Netbeans won't start esb4me Using Fedora 0 11th December 2008 09:18 AM
How do I start tomcat automatically when the computer starts? axiopisty Using Fedora 3 21st December 2007 02:42 PM
How can I start tomcat server? tomylinux Servers & Networking 4 28th September 2005 07:31 AM


Current GMT-time: 02:27 (Saturday, 02-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat