diff --git a/heartbeat/tomcat b/heartbeat/tomcat

index 8b7fe31..07a7ce4 100755

--- a/heartbeat/tomcat

+++ b/heartbeat/tomcat

@@ -49,6 +49,13 @@

 : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}

 . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs

+# Use runuser if available for SELinux.

+if [ -x /sbin/runuser ]; then 

+  SU=runuser

+else

+  SU=su

+fi

+

 ############################################################################

 # Usage

 usage() 

@@ -143,7 +150,7 @@ monitor_tomcat()

 start_rotatelogs()

 {

 	# -s is required because tomcat5.5's login shell is /bin/false

-	su - -s /bin/sh $RESOURCE_TOMCAT_USER \

+	$SU - -s /bin/sh $RESOURCE_TOMCAT_USER \

         	-c "$ROTATELOGS -l \"$CATALINA_BASE/logs/catalina_%F.log\" $CATALINA_ROTATETIME" \

         	< "$CATALINA_OUT" > /dev/null 2>&1 &

 }

@@ -154,7 +161,7 @@ rotate_catalina_out()

 {

 	# Check catalina_%F.log is writable or not.

 	CURRENT_ROTATELOG_SUFFIX=`date +"%F"`

-	su - -s /bin/sh $RESOURCE_TOMCAT_USER \

+	$SU - -s /bin/sh $RESOURCE_TOMCAT_USER \

 		-c "touch \"$CATALINA_BASE/logs/catalina_$CURRENT_ROTATELOG_SUFFIX.log\"" > /dev/null 2>&1

 	if [ $? -ne 0 ]; then

 		ocf_exit_reason "$CATALINA_BASE/logs/catalina_$CURRENT_ROTATELOG_SUFFIX.log is not writable."

@@ -205,7 +212,7 @@ attemptTomcatCommand()

 	if [ "$RESOURCE_TOMCAT_USER" = root ]; then

 		"$TOMCAT_START_SCRIPT" $@ >> "$TOMCAT_CONSOLE" 2>&1

 	else

-		tomcatCommand $@ | su - -s /bin/sh "$RESOURCE_TOMCAT_USER" >> "$TOMCAT_CONSOLE" 2>&1

+		tomcatCommand $@ | $SU - -s /bin/sh "$RESOURCE_TOMCAT_USER" >> "$TOMCAT_CONSOLE" 2>&1

 	fi

 	if [ -n "$REDIRECT_DEFAULT_CONFIG" ]; then