selinux and oracle instantclient
Vadym Chepkov
chepkov at yahoo.com
Tue Mar 30 22:04:02 UTC 2010
What I had to do in the past, after installing oracle client is to just run
restorecon -vR /usr
This would set the proper lables for oracle libraries and binaries.
Sincerely yours,
Vadym Chepkov
--- On Tue, 3/30/10, Arian <armyofda12mnkeys at gmail.com> wrote:
From: Arian <armyofda12mnkeys at gmail.com>
Subject: selinux and oracle instantclient
To: selinux at lists.fedoraproject.org
Date: Tuesday, March 30, 2010, 10:17 AM
Hello all,
I am using Oracle 11.2 instant client on CentOS (which i heard is based a version of Fedora/RedHat), and I was trying to use php's PDO and oci8 modules to test connections to Oracle.
I had originally gotten a php error about pdo_oci.so/oci8.so data execution on a dynamic
link library, libclsh. I asked selinux boards and they said to try 'setsebool -P allow_execstack on'... I think after that change, i still had issues, so they suggested to turn it off temporarily to see if it works...
So I went into /etc/sysconfig/selinux and set:
SELINUX=disabled
and my script connected and read some rows from the oracle db.
Im not sure if anyone has had issues with oracle client to work with selinux, without turning it off.
I saw a blog stating to run these, but i have no idea if it will work for my version of oracle, or what it does:
"tail -f /var/log/audit/audit.log | tee oracle.log
audit2allow -M oracle < oracle.log
semodule -i oracle.pp"
Thanks!,
Ari
-----Inline Attachment Follows-----
--
selinux mailing list
selinux at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20100330/5ad08e0e/attachment.html
More information about the selinux
mailing list