Selinux FUN

Daniel J Walsh dwalsh at redhat.com
Tue Mar 29 11:49:09 UTC 2005


Alan J. Gagne wrote:

>Having much fun with selinux setting in core 4.
>I have run into very similar errors after installing various
>applications in fc4t1. Looking for the best way to correct these issues
>without having to change enforce to permissive. With Oracle 10g instant
>client and Adobe reader 5, I changed the context on the directory to
>system_u. (chcon -R -u system_u ) Both of these apps were installed as
>root. With my latest install, Oracle 10g database I am hoping for a
>better approach. Any suggestions????
>
>sqlplus: error while loading shared
>libraries: /home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so: cannot
>restore segment prot after reloc: Permission denied
>
>mtype=KERNEL msg=audit(1112056968.248:16397627): avc:  denied
>{ execmod } for  pid=3811 comm=sqlplus
>path=/home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so dev=dm-0
>ino=22156870 scontext=user_u:system_r:unconfined_t
>tcontext=user_u:object_r:default_t tclass=file
>
>Alan
>
>  
>
The best idea is to first move the application to a different directory,
say /opt or /var or /usr/local.
Say:

mv /home/oracle /opt

Then:

restorecon -R -v /opt/oracle

For the .so files that are asking for execmod, you will need to label
them texrel_shlib_t:

chcon -t texrel_shlib_t /opt/oracle/product/10.1.0.3/db_1/lib/libnnz10.so

For these file entries you might also want to add them to
/etc/selinux/targeted/contexts/files/file_contexts.local:

/opt/oracle/product/10.1.0.3/db_1/lib/libnnz10.so -- system_u:object_r:texrel_shlib_t

Dan
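
The labelling step in the reply above, as an added example that is not part of the original message: a shell function that reads AVC denials, keeps only execmod denials on files, and prints file_contexts.local entries in the form shown in the reply. The names sample_log and execmod_entries are hypothetical, the sample log is constructed around the denial quoted in the thread, and the path= field is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: derive file_contexts.local entries from execmod AVC denials.

# Constructed sample log. Line 1 is the denial quoted in the thread, joined
# onto one line; the other lines are invented to exercise the filters.
sample_log() {
cat <<'EOF'
mtype=KERNEL msg=audit(1112056968.248:16397627): avc:  denied  { execmod } for  pid=3811 comm=sqlplus path=/home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so dev=dm-0 ino=22156870 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:default_t tclass=file
mtype=KERNEL msg=audit(1112056970.101:16397701): avc:  denied  { execmod } for  pid=3820 comm=sqlplus path=/home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so dev=dm-0 ino=22156870 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:default_t tclass=file
mtype=KERNEL msg=audit(1112056971.007:16397702): avc:  denied  { read } for  pid=3821 comm=example path=/home/oracle/example.cfg dev=dm-0 ino=22156999 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:default_t tclass=file
mtype=KERNEL msg=audit(1112056972.300:16397703): avc:  denied  { execmod } for  pid=3830 comm=example path=/usr/local/lib/libexample.so dev=dm-0 ino=22157001 scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:default_t tclass=file
EOF
}

# execmod_entries OLD_PREFIX NEW_PREFIX
# Reads audit lines on stdin. Paths under OLD_PREFIX are rewritten to
# NEW_PREFIX, matching the "move the application" step in the reply.
execmod_entries() {
    old=$1
    new=$2
    # Keep only denials whose permission set includes execmod on a file.
    grep -E 'avc: +denied +\{[^}]* execmod [^}]*\}.* tclass=file( |$)' |
    # Extract the path= value (optionally quoted), then de-duplicate.
    sed -n 's/.* path="\{0,1\}\([^" ]*\).*/\1/p' |
    sort -u |
    while IFS= read -r p; do
        case $p in
            "$old"/*) p=$new${p#"$old"} ;;
        esac
        # file_contexts paths are regular expressions, so escape the
        # metacharacters; otherwise "." would match any character.
        esc=$(printf '%s\n' "$p" | sed 's/[].[*+?^$(){}|]/\\&/g')
        printf '%s -- system_u:object_r:texrel_shlib_t\n' "$esc"
    done
}

# Print candidate entries for review; nothing on the system is changed.
sample_log | execmod_entries /home/oracle /opt/oracle
```

Review the printed entries before appending them to file_contexts.local, since every library listed will be allowed text relocations; restorecon on the relocated tree then applies the labels.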
