Re: Selinux, Oracle, DBD::Oracle, RHEL5B2

"Thomas J. Baker" <tjb@xxxxxxx> · Mon, 22 Jan 2007 08:55:08 -0500

On Fri, 2007-01-19 at 15:44 -0500, Daniel J Walsh wrote:
> Thomas J. Baker wrote:
> > On Fri, 2007-01-19 at 03:29 -0800, Steve G wrote:
> >   
> >>> Almost got everything working except for this selinux problem (http log error):
> >>>       
> >> We need to see the avcs associated with this.
> >>
> >> -Steve
> >>
> >>     
> >
> > I get 
> >
> > type=AVC msg=audit(1169215302.727:10760): avc:  denied  { execheap } for
> > pid=25241 comm="httpd" scontext=user_u:system_r:httpd_t:s0
> > tcontext=user_u:system_r:httpd_t:s0 tclass=process
> > type=SYSCALL msg=audit(1169215302.727:10760): arch=40000003 syscall=125
> > success=no exit=-13 a0=7653000 a1=1e7000 a2=5 a3=bfb540f0 items=0
> > ppid=25239 pid=25241 auid=4490 uid=48 gid=48 euid=48 suid=48 fsuid=48
> > egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
> > subj=user_u:system_r:httpd_t:s0 key=(null)
> >
> > that coincides with the httpd log of 
> >
> >
> > [Fri Jan 19 09:01:42 2007] [error] [client 132.177.241.80]
> > install_driver(Oracle) failed: Can't load
> > '/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so' for module DBD::Oracle: /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libnnz10.so: cannot restore segment prot after reloc: Permission denied at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230.\n at (eval 11) line 3\nCompilation failed in require at (eval 11) line 3.\nPerhaps a required shared library or dll isn't installed where expected\n at /web1/perl/Lib/Layout2/Core/Initializer.pm line 191\n\t(in cleanup) Can't call method "disconnect" on an undefined value at /web1/perl/Lib/Layout2/Core/Initializer.pm line 206.\n
> >
> > I've turned on execheap and restarted the webserver but still get this
> > same error.
> >
> > tjb
> >   
> chcon -t textrel_shlib_t 
> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so
> 
> chcon -t textrel_shlib_t /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libnnz10.so
> 

I tried it and it still fails:

[root@contact tjb]# ls
-lZ /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libnnz10.so
-r-xr-xr-x  oracle dba
system_u:object_r:textrel_shlib_t /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libnnz10.so
-r-xr-xr-x  root   root
user_u:object_r:textrel_shlib_t  /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so

[root@contact tjb]# tail /var/log/audit/audit.log
type=DAEMON_ROTATE msg=audit(1169473901.462:136) auditd sending
auid=4490 pid=28184 subj=user_u:system_r:initrc_t:s0, auditd pid=2224
type=AVC msg=audit(1169473909.870:13982): avc:  denied  { search } for
pid=28197 comm="httpd" name="" dev=0:29 ino=23085536
scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0
tclass=dir
type=SYSCALL msg=audit(1169473909.870:13982): arch=40000003 syscall=195
success=no exit=-13 a0=925e540 a1=bf98c3fc a2=493ff4 a3=925e540 items=0
ppid=28196 pid=28197 auid=4490 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1169473918.068:13983): avc:  denied  { execheap } for
pid=28200 comm="httpd" scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:httpd_t:s0 tclass=process
type=SYSCALL msg=audit(1169473918.068:13983): arch=40000003 syscall=125
success=no exit=-13 a0=24cd000 a1=1e7000 a2=5 a3=bf98bf30 items=0
ppid=28198 pid=28200 auid=4490 uid=48 gid=48 euid=48 suid=48 fsuid=48
egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:httpd_t:s0 key=(null)

tjb
-- 
=======================================================================
| Thomas Baker                                  email: tjb@xxxxxxx    |
| Systems Programmer                                                  |
| Research Computing Center                     voice: (603) 862-4490 |
| University of New Hampshire                     fax: (603) 862-1761 |
| 332 Morse Hall                                                      |
| Durham, NH 03824 USA              http://wintermute.sr.unh.edu/~tjb |
=======================================================================

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list