Alan J. Gagne wrote:
Having much fun with selinux setting in core 4.
I have run into very simular errors after installing various
applications in fc4t1. Looking for the best way to correct these issues
without having to change enforce to permissive. With Oracle 10g instant
client and Adobe reader 5, I changed the context on the directory to
systen_u. (chcon -R -u system_u ) Both of these apps were installed as
root. With my lastest install, Oracle 10g database I am hoping for a
better approach. Any suggestions????
sqlplus: error while loading shared
libraries: /home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so: cannot
restore segment prot after reloc: Permission denied
mtype=KERNEL msg=audit(1112056968.248:16397627): avc: denied
{ execmod } for pid=3811 comm=sqlplus
path=/home/oracle/product/10.1.0.3/db_1/lib/libnnz10.so dev=dm-0
ino=22156870 scontext=user_u:system_r:unconfined_t
tcontext=user_u:object_r:default_t tclass=file
Alan
The best idea is to first move the application to a different directory
say /opt or /var or /usr/local.
say mv /home/oracle /opt
Then
restorecon -R -v /home/oracle
For the so files that are asking for execmod, you will need to label
them texrel_shlib_t
chcon -t texrel_shlib_t /opt/oracle/product/10.1.0.3/db_1/lib/libnnz10.so
For thes files entries you might also want to add them to
/etc/selinux/targeted/contexts/files/file_contexts.local
/opt/oracle/product/10.1.0.3/db_1/lib/libnnz10.so --
system_u:object_r:texrel_shlib_t
Dan
--