Selinux Fun

Alan J. Gagne alan.gagne at
Tue Mar 29 03:41:04 UTC 2005

Not sure this was the best approach. but it's working !

Downloaded the selinux-policy-targeted-sources and added the following
to the policy.conf.

allow unconfined_t default_t:file execmod;
allow unconfined_t tmp_t:file execmod;
allow unconfined_t user_home_t:file execmod;
allow unconfined_t usr_t:file execmod;

( these were determined by running allow2audit against 
  the audit.log and taking only the ones which affected 
  the oracle processes from starting.)

Did a make and make load.

I can now start the oracle processes with selinux set to enforce.
This may have broken some security that should be in place so
if anybody has any further info please correct my habits before
they become engrained for life.


More information about the test mailing list