I downloaded the RPMs from the Oracle web site (otn.oracle.com) and successfully installed them on my C5 box, but the sqlplus client software would not run properly. After a few iterations with sealert, I finally got a handle on what was happening.
It turns out that most of the shared libraries Oracle installs need to have their SElinux file context modified to allow relocation. Here's the quick-and-dirty routine I use to repair this:
find /usr/lib/oracle/11.1.0.1/client/lib -type f -name *.so* \ -exec chcon -t textrel_shlib_t {} ;
Obviously you could get around this by disabling SElinux, but I really want to avoid that if possible.
Now a quick question: does anybody know if there is any way to configure SElinux so that the context for these files won't be "fixed" by a restorecon operation on this directory?
Thanks!
On Thu, 8 Nov 2007, Jay Leafey wrote:
I downloaded the RPMs from the Oracle web site (otn.oracle.com) and successfully installed them on my C5 box, but the sqlplus client software would not run properly. After a few iterations with sealert, I finally got a handle on what was happening.
It turns out that most of the shared libraries Oracle installs need to have their SElinux file context modified to allow relocation. Here's the quick-and-dirty routine I use to repair this:
find /usr/lib/oracle/11.1.0.1/client/lib -type f -name *.so* \ -exec chcon -t textrel_shlib_t {} ;
Obviously you could get around this by disabling SElinux, but I really want to avoid that if possible.
Now a quick question: does anybody know if there is any way to configure SElinux so that the context for these files won't be "fixed" by a restorecon operation on this directory?
It'd be something to the effect of
semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/11.1.0.1/client/lib/.*.so.*"
or, less version-specific,
semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/[0-9.]*/client/lib/.*.so.*"
Paul Heinlein wrote:
It'd be something to the effect of
semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/11.1.0.1/client/lib/.*.so.*"
or, less version-specific,
semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/[0-9.]*/client/lib/.*.so.*"
Double-plus good! That works a treat, and even takes care of the cases where I install some of the other related packages (devel, odbc, jdbc) after-the-fact. That one goes in the notebook!
-
Jay Leafey -
Paul Heinlein