spacewalk has a selinux policy for oracle that should work for you Dennis On Tuesday 30 March 2010 09:32:51 am Daniel J Walsh wrote: > On 03/30/2010 10:17 AM, Arian wrote: > > Hello all, > > I am using Oracle 11.2 instant client on CentOS (which i heard is > > based a version of Fedora/RedHat), and I was trying to use php's PDO > > and oci8 modules to test connections to Oracle. > > > > I had originally gotten a php error about pdo_oci.so/oci8.so > > <http://pdo_oci.so/oci8.so> data execution on a dynamic link library, > > libclsh. I asked selinux boards and they said to try 'setsebool -P > > allow_execstack on'... I think after that change, i still had issues, > > so they suggested to turn it off temporarily to see if it works... > > > > So I went into /etc/sysconfig/selinux and set: > > SELINUX=disabled > > and my script connected and read some rows from the oracle db. > > > > > > Im not sure if anyone has had issues with oracle client to work with > > selinux, without turning it off. > > I saw a blog stating to run these, but i have no idea if it will work > > for my version of oracle, or what it does: > > "tail -f /var/log/audit/audit.log | tee oracle.log > > audit2allow -M oracle < oracle.log > > semodule -i oracle.pp" > > > > > > Thanks!, > > Ari > > > > > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > If you turn it back on, contact me and we can work through the problems. > > SELINUX=permissive > > Would have allowed your processes to work and logged all of the errors. > Which we could have then fixed. > > SELinux error messages are written as "AVC" messages in > /var/log/audit/audit.log
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
