Under RHEL5.3:

[root@localhost ~]# service httpd start
Starting httpd: httpd: Syntax error on line 211 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.d/valicert.conf: Cannot load /etc/httpd/modules/vcapache.so into server: /etc/httpd/modules/vcapache.so: cannot enable executable stack as shared object requires: Permission denied
[FAILED]

[root@localhost ~]# grep execstack /var/log/audit/audit.log | audit2allow -M valicert
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i valicert.pp

[root@localhost ~]# semodule -i valicert.pp
tomcat homedir /usr/share/tomcat5 or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.

The "tomcat" user requires a shell. I cannot find any mention of /usr/share/tomcat5 in /etc/selinux/targeted/contexts/files/file_contexts What do I need to do to make this work?

FWIW, this module seems to work fine under RHEL5.2 I'm not positive that there wasn't something my predecessor did, but I need to use RHEL5.3 because of the eject before %post bug in anaconda in RHEL5.2