What I had to do in the past, after installing oracle client is to just run
restorecon -vR /usr
This would set the proper lables for oracle libraries and binaries.
Sincerely yours,
Vadym Chepkov
--- On Tue, 3/30/10, Arian <armyofda12mnkeys(a)gmail.com> wrote:
From: Arian <armyofda12mnkeys(a)gmail.com>
Subject: selinux and oracle instantclient
To: selinux(a)lists.fedoraproject.org
Date: Tuesday, March 30, 2010, 10:17 AM
Hello all,
I am using Oracle 11.2 instant client on CentOS (which i heard is based a version of
Fedora/RedHat), and I was trying to use php's PDO and oci8 modules to test connections
to Oracle.
I had originally gotten a php error about pdo_oci.so/oci8.so data execution on a dynamic
link library, libclsh. I asked selinux boards and they said to try 'setsebool -P
allow_execstack on'... I think after that change, i still had issues, so they
suggested to turn it off temporarily to see if it works...
So I went into /etc/sysconfig/selinux and set:
SELINUX=disabled
and my script connected and read some rows from the oracle db.
Im not sure if anyone has had issues with oracle client to work with selinux, without
turning it off.
I saw a blog stating to run these, but i have no idea if it will work for my version of
oracle, or what it does:
"tail -f /var/log/audit/audit.log | tee oracle.log
audit2allow -M oracle < oracle.log
semodule -i oracle.pp"
Thanks!,
Ari
-----Inline Attachment Follows-----
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux