SELinux has to be disabled on RHEL/OEL 5

zhanglei_itput發表於2010-05-13
Linux

SELinux has to be disabled on RHEL/OEL 5

Due to an internal bugs of Oracle database (Bug 6140224, Bug 6079461), SELinux has to be disabled on RHEL/OEL 5 to work with Oracle database 10.2

一、Symptoms
Immediately after a successful RDBMS installation sqlplus will not start:
./sqlplus / as sysdba
./sqlplus: error while loading shared libraries: $ORACLE_HOME/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied

二、change
SELinux is running in "enforcing" mode. So disable SELinux mode.

三、Cause
You are encountering unpublished Bug 6140224, "SQLPLUS FAILS TO LOAD LIBNNZ11.SO WITH SELINUX ENABLED ON EL5/RHEL5".  
Oracle Developement is actively working on this compiler version compatibility issue
(ICC compilers that are used for several libraries, such as LIBNNZ10.SO and LIBNNZ11.SO) in the RHEL 5 and OEL 5 environments.

四、To check whether SELinux is Enabled or Disabled in a system
    Security-enhanced Linux (SELinux) is a reference implementation of the Flask security architecture for flexible mandatory access control.
    It was created to demonstrate the value of flexible mandatory access controls and how such controls could be added to an operating system.
    The Flask architecture has been subsequently mainstreamed into Linux, and ported to several other systems, including the Solaris operating system, the FreeBSD operating system, and the Darwin kernel, spawning a wide range of related work.
    The Flask architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement, Role-based Access Control, and Multi-level Security.

     SELinux may be in three different modes: Enforcing , Disabled or Permissive
     use this command to check current status:
     # /usr/sbin/getenforce
     # /usr/sbin/sestatus
    
五、How to Disable or set SELinux to Permissive mode
1. Edit /etc/selinux/config

   a. Change the SELINUX value to "SELINUX=disabled".
   b. Reboot the server.

2. To check the status of SELinux:
   # /usr/sbin/sestatus
    
    
參考文獻:
1. ./sqlplus: error on libnnz11.so: cannot restore segment prot after reloc [ID 454196.1]
2. How to Check whether SELinux is Enabled or Disabled [ID 432988.1]    
3. How to Disable or set SELinux to Permissive mode [ID 457458.1]

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/9252210/viewspace-662627/,如需轉載,請註明出處,否則將追究法律責任。

相關文章