Jay Leafey
2007-Nov-08 19:07 UTC
[CentOS] Oracle Instant Client 11g on CentOS 5 (32-bit) workaround
I downloaded the RPMs from the Oracle web site (otn.oracle.com) and
successfully installed them on my C5 box, but the sqlplus client
software would not run properly. After a few iterations with sealert, I
finally got a handle on what was happening.
It turns out that most of the shared libraries Oracle installs need to
have their SElinux file context modified to allow relocation. Here's
the quick-and-dirty routine I use to repair this:
find /usr/lib/oracle/11.1.0.1/client/lib -type f -name \*.so\* \
-exec chcon -t textrel_shlib_t {} \;
Obviously you could get around this by disabling SElinux, but I really
want to avoid that if possible.
Now a quick question: does anybody know if there is any way to
configure SElinux so that the context for these files won't be
"fixed"
by a restorecon operation on this directory?
Thanks!
--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5177 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20071108/2bb2e325/attachment.bin>
Paul Heinlein
2007-Nov-08 19:26 UTC
[CentOS] Oracle Instant Client 11g on CentOS 5 (32-bit) workaround
On Thu, 8 Nov 2007, Jay Leafey wrote:> I downloaded the RPMs from the Oracle web site (otn.oracle.com) and > successfully installed them on my C5 box, but the sqlplus client > software would not run properly. After a few iterations with > sealert, I finally got a handle on what was happening. > > It turns out that most of the shared libraries Oracle installs need > to have their SElinux file context modified to allow relocation. > Here's the quick-and-dirty routine I use to repair this: > > find /usr/lib/oracle/11.1.0.1/client/lib -type f -name \*.so\* \ > -exec chcon -t textrel_shlib_t {} \; > > Obviously you could get around this by disabling SElinux, but I > really want to avoid that if possible. > > Now a quick question: does anybody know if there is any way to > configure SElinux so that the context for these files won't be > "fixed" by a restorecon operation on this directory?It'd be something to the effect of semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/11.1.0.1/client/lib/.*\.so.*" or, less version-specific, semanage fcontext -a -t textrel_shlib_t \ "/usr/lib/oracle/[0-9.]*/client/lib/.*\.so.*" -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/