Preventing homedir relabel of Oracle XE files
Andrew Kroeger
andrew at sprocks.gotdns.com
Sat Sep 9 08:13:02 UTC 2006
Greetings:
I just updated to the latest FC5 policy (2.3.7-2), and saw all of the
files in my Oracle XE installation get relabeled to
user_u:object_r:user_home_t. I was able to get Oracle XE installed and
running with SELinux enabled (details available at
http://forums.oracle.com/forums/message.jspa?messageID=1344572 --
registration required), and that got hosed by the relabel.
I initially thought something Oracle-specific had been added to the new
policy and caused the relabel. After some searching, I discovered
entries in /etc/selinux/targeted/contexts/files/file_contexts.homedirs
(which is generated by genhomedircon) that had caused the relabel.
Further investigation showed that genhomedircon ignores "system" users
(UID < 500), but the Oracle RPM creates the "oracle" user as a
non-system user during the install.
Is there any way to provide an exception to the "oracle" user for future
policy updates? I was able to get things working again by re-labeling
the affected files, but I would like to avoid that step for each policy
update that comes out. Also, if specific policies are created for
Oracle XE in the future, would those override the homedir policies for
the non-system "oracle" user, or would there be potential conflicts that
would need to be resolved in that case?
I appreciate any assistance that can be provided in this matter.
Thanks,
Andrew Kroeger
More information about the fedora-selinux-list
mailing list