On Mon, 2005-03-28 at 22:41 -0500, Alan J. Gagne wrote: > allow unconfined_t default_t:file execmod; > allow unconfined_t tmp_t:file execmod; > allow unconfined_t user_home_t:file execmod; > allow unconfined_t usr_t:file execmod; > I can now start the oracle processes with selinux set to enforce. > This may have broken some security that should be in place so > if anybody has any further info please correct my habits before > they become engrained for life. Yikes. unconfined_t is used for unconfined apps for the targeted policy (i.e., almost no limits). Best to change the file contexts of the Oracle application and add properly refined rules. -- Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx> http://fedora.ivazquez.net/ gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
Attachment:
signature.asc
Description: This is a digitally signed message part