Andrew Kroeger wrote:
> Greetings:
> I just updated to the latest FC5 policy (2.3.7-2), and saw all of the
> files in my Oracle XE installation get relabeled to
> user_u:object_r:user_home_t. I was able to get Oracle XE installed
> and running with SELinux enabled (details available at
> http://forums.oracle.com/forums/message.jspa?messageID=1344572 --
> registration required), and that got hosed by the relabel.
> I initially thought something Oracle-specific had been added to the
> new policy and caused the relabel. After some searching, I discovered
> entries in /etc/selinux/targeted/contexts/files/file_contexts.homedirs
> (which is generated by genhomedircon) that had caused the relabel.
> Further investigation showed that genhomedircon ignores "system" users
> (UID < 500), but the Oracle RPM creates the "oracle" user as a
> non-system user during the install.
What does the oracle user account look like? Does it have a real login
shell? If you change the account to have a shell of /sbin/nologin, the
labeling should work correctly.
> Is there any way to provide an exception to the "oracle" user for
> future policy updates? I was able to get things working again by
> re-labeling the affected files, but I would like to avoid that step
> for each policy update that comes out. Also, if specific policies are
> created for Oracle XE in the future, would those override the homedir
> policies for the non-system "oracle" user, or would there be potential
> conflicts that would need to be resolved in that case?
> I appreciate any assistance that can be provided in this matter.
> Thanks,
> Andrew Kroeger
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
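
The selection rule discussed in this thread, as an added example that is not part of the original messages and not genhomedircon's own code: it lists the accounts whose home directories would be treated as ordinary user homes, assuming the UID floor of 500 from the post and /sbin/nologin as the excluding shell from the reply. The function names and the sample passwd entries (including the oracle line) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not genhomedircon's code. It applies the two conditions
# mentioned in the thread to passwd-format input:
#   - UID at or above a floor (500 in the post; assumption, pass another)
#   - login shell other than /sbin/nologin (from the reply; assumption)

# homedir_candidates [MIN_UID] < passwd-format input
# Prints "user:uid:home:shell" for every account meeting both conditions.
homedir_candidates() {
    awk -F: -v min="${1:-500}" '
        /^#/ || NF < 7      { next }   # skip comments, blank or short lines
        $3 !~ /^[0-9]+$/    { next }   # skip entries with a non-numeric UID
        $3 + 0 >= min && $7 != "/sbin/nologin" {
            printf "%s:%s:%s:%s\n", $1, $3, $6, $7
        }
    '
}

# sample_passwd: constructed test data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
oracle:x:501:501::/usr/lib/oracle/xe:/bin/bash
svc:x:502:502::/srv/svc:/sbin/nologin
EOF
}

# Show which sample accounts would have their home tree labeled as a user home.
sample_passwd | homedir_candidates
```

On a live system, `homedir_candidates < /etc/passwd` before a policy update shows which service accounts have a home tree that would be swept into the home-directory contexts.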