Pre-req:
sudo yum install -y rpm-build policycoreutils-devel
- List unconfined java service
ps -eZ | grep unconfined_service_t
2. Generate a default policy for catalina.sh because this is the script run from the systemd unit file visiblethread-docs.service.Note-n [policy name]sepolicy generate --init -n vtdocs /opt/visiblethread/tomcat/bin/catalina.sh
3. The above command creates a script for your policy, so in this example it will bevtdocs.sh. Run it or if you want to add additional policies edit thevtdocs.tefile then run thevtdocs.sh./vtdocs.sh
4. Now the policy is installed, restart the service and run the grep again and you should get no results for java.sudo systemctl restart visiblethread-docs
ps -eZ | grep unconfined_service_t
If you have any issues or questions, feel free to contact support@visiblethread.com