Oracle 11g Client and Selinux

Daniel J Walsh dwalsh at redhat.com
Thu Aug 12 17:10:27 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/10/2010 06:42 PM, Garry T. Williams wrote:
> I just installed the Oracle 11g client on a Fedora 13 x86_64 system.
> I encountered a problem, though.  Here's the summary:
> 
> After installation, I wanted to add the client libraries to ldconfig
> so I could link my code to them.  I added oracle.conf to the
> /etc/ld.so.conf.d directory with this line:
> 
>     /opt/oracle/product/lib
> 
> and ran ldconfig as root.  Now the fun started.
> 
> I ran into the usual problems with Oracle, like needing execmod on
> their libraries.  But I noticed that the system was pegged with dbus
> and sedispatch in top.  Not understanding what the problem was, I
> rebooted.  It's a fresh Fedora install -- I guess I'm still
> trigger-happy.  :-)  Now the desktop won't come up because the system
> dbus failed to start.
> 
> I checked the audit logs and found:
> 
>     type=AVC msg=audit(1281461253.603:93564): avc:  denied  { execute } for  pid=26249 comm="dbus-daemon-lau" path="/opt/oracle/product/lib/libexpat.so.1" dev=dm-0 ino=324505 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
> 
>     type=SYSCALL msg=audit(1281461253.603:93564): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=130f38 a2=5 a3=802 items=0 ppid=26248 pid=26249 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
> 
> I knew what to do at this point and renamed libexpat in Oracle's lib
> directory and rebooted successfully.
> 
> I was surprised to see /lib64/dbus-1/dbus-daemon-launch-helper link to
> Oracle's version of libexpat.
> 
> What did I do wrong?
> 
I would also run restorecon -R -v /opt

To make sure the SELinux labels are correct.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxkKwMACgkQrlYvE4MpobMFegCdGGch4Tyd74ciCnws11dy90S0
pwQAniy33HZAaCvJ+5D34hrus94JRwM8
=ujOk
-----END PGP SIGNATURE-----


More information about the users mailing list