<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 03/30/2010 10:17 AM, Arian wrote:
<blockquote
cite="mid:797650581003300717h4a250968o80a518934591ccc6@mail.gmail.com"
type="cite">Hello all,<br>
I am using Oracle 11.2 instant client on CentOS (which i heard is based
a version of Fedora/RedHat), and I was trying to use php's PDO and oci8
modules to test connections to Oracle. <br>
<br>
I had originally gotten a php error about <a moz-do-not-send="true"
href="http://pdo_oci.so/oci8.so">pdo_oci.so/oci8.so</a> data execution
on a dynamic
link library, libclsh. I asked selinux boards and they said to try
'setsebool -P allow_execstack on'... I think after that change, i
still had issues, so they suggested to turn it off temporarily to see
if it works...<br>
<br>
So I went into /etc/sysconfig/selinux and set:<br>
SELINUX=disabled<br>
and my script connected and read some rows from the oracle db.<br>
<br>
<br>
Im not sure if anyone has had issues with oracle client to work with
selinux, without turning it off.<br>
I saw a blog stating to run these, but i have no idea if it will work
for my version of oracle, or what it does:<br>
"tail -f /var/log/audit/audit.log | tee oracle.log<br>
audit2allow -M oracle < oracle.log<br>
semodule -i oracle.pp"<br>
<br>
<br>
Thanks!,<br>
Ari<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
selinux mailing list
<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
If you turn it back on, contact me and we can work through the problems.<br>
<br>
SELINUX=permissive <br>
<br>
Would have allowed your processes to work and logged all of the errors.
Which we could have then fixed. <br>
<br>
SELinux error messages are written as "AVC" messages in
/var/log/audit/audit.log<br>
</body>
</html>