Not sure this was the best approach. but it's working ! Downloaded the selinux-policy-targeted-sources and added the following to the policy.conf. allow unconfined_t default_t:file execmod; allow unconfined_t tmp_t:file execmod; allow unconfined_t user_home_t:file execmod; allow unconfined_t usr_t:file execmod; ( these were determined by running allow2audit against the audit.log and taking only the ones which affected the oracle processes from starting.) Did a make and make load. I can now start the oracle processes with selinux set to enforce. This may have broken some security that should be in place so if anybody has any further info please correct my habits before they become engrained for life. Alan