Home / server / Questions / 1032597
Accepted
welwelwel
Asked: 2020-09-04 10:53:27 +0800 CST

selinux is preventing from execute access on the file centos

  • 772

I want to launch the Tomcat service on CentOS with the cmdlet :

systemctl start tomcat.service

but i get the error

Failed to start Apache ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=203/EXEC).

and the log through the command :

Journalctl -xe

is stating that

Selinux is preventing (artup.sh) from execute access on the file startup.sh

given that i can start any other service on my CentOS what could be the problem for my tomcat service ?

Thank you

tomcat centos centos7

1 Answers

  1. Best Answer

    The SELinux restricts binaries that can be used in ExecStart to paths that has system_u:object_r:bin_t:s0 attribute set. Typically those are /usr/bin /usr/sbin /usr/libexec /usr/local/bin directories.

    You need to move the script into one of this directories or change selinux policy to allow systemd to use binaries in the desired location as:

    chcon -R -t bin_t /opt/tomcat/bin/

    A restorecon will 'unfix' the above better to update the policy e.g.

    semanage fcontext -a -t bin_t "/opt/tomcat/bin(/.*)?"
restorecon -r -v /opt/tomcat/bin

    UPDATE

    If java binary is not located in the standard location (custom JVM distribution), then you need to set bin_t label to it as well. For example, it your JVM installed in /opt/java, then:

    semanage fcontext -a -t bin_t "/opt/java/bin(/.*)?"
restorecon -r -v /opt/java/bin

    NOTICE: systemd ignores JAVA_HOME environment variable if it's not set in unit file.

    • 7