Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:czechidm_installation [2019/06/04 11:44]
urbanl odebrany known issues, problem se selinuxem byl dan do navodu server preparation linux 		tutorial:adm:czechidm_installation [2019/06/10 13:13]
urbanl old revision restored (2019/03/18 14:46)
Line 439: Line 439:
 Follow some final configuration steps: [[tutorial:adm:czechidm_installation_finalize|]]. Follow some final configuration steps: [[tutorial:adm:czechidm_installation_finalize|]].
  
 +=== Known Isues ===
 +It is possible that, on some distros, SELinux will deny acces to the database for tomcat. The tomcat will error to the ''/var/log/tomcat/catalina.out''or ''/var/log/messages'' line similar to ''org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.''.
 +
 +If this happens, set the permissive mode for tomcat:
 +<code>
 +semanage permissive -a tomcat_t
 +</code>
 +
 +<note warning>
 +Evaluate impact of SELinux adjustments **before** you implement them. Proper mitigation heavily depends on habits and security policies of your organization.
 +
 +There are some possibilities:
 +  * Set permissive mode for logrotate as above.
 +  * Set permissive mode for whole SELinux. (This will drop the SELinux's protective function.)
 +  * Adjust particular SELinux labels. Example ([[https://access.redhat.com/solutions/39006|here]]).
 +</note>
  • by kralikf