Selinux, Oracle, DBD::Oracle, RHEL5B2

Thomas J. Baker tjb at unh.edu
Thu Jan 18 19:20:23 UTC 2007 

I'm trying to set up a a mod_perl/oracle website on an RHEL5B2 system. I
installed the oracle-xe-client rpm, DBD::Oracle, etc.  Almost got
everything working except for this selinux problem (http log error):


[Thu Jan 18 14:01:31 2007] [error] [client xxx] install_driver(Oracle)
failed: Can't load
'/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so' for module DBD::Oracle: libclntsh.so.10.1: cannot enable executable stack as shared object requires: Permission denied at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230.\n at (eval 11) line 3\nCompilation failed in require at (eval 11) line 3.\nPerhaps a required shared library or dll isn't installed where expected\n at /web1/perl/Lib/Layout2/Core/Initializer.pm line 191\n\t(in cleanup) Can't call method "disconnect" on an undefined value at /web1/perl/Lib/Layout2/Core/Initializer.pm line 206.\n

I've tried turning off execstack on the affected oracle shared libs but
that didn't work. First I turned it off on libclntsh.so.10.1 but got the
same error about libnnz10.so so I turned it off on that. Then I got 

[Thu Jan 18 14:06:29 2007] [error] [client xxx] install_driver(Oracle)
failed: Can't load
'/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBD/Oracle/Oracle.so' for module DBD::Oracle: /usr/lib/oracle/xe/app/oracle/product/10.2.0/client/lib/libnnz10.so: cannot restore segment prot after reloc: Permission denied at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230.\n at (eval 11) line 3\nCompilation failed in require at (eval 11) line 3.\nPerhaps a required shared library or dll isn't installed where expected\n at /web1/perl/Lib/Layout2/Core/Initializer.pm line 191\n\t(in cleanup) Can't call method "disconnect" on an undefined value at /web1/perl/Lib/Layout2/Core/Initializer.pm line 206.\n

Turning on allow_exec{mem,mod,heap} didn't help. I should add that
turning off enforcing makes everything work.

Is there any type I can label the oracle libs so this works?

Thanks,

tjb
-- 
=======================================================================
| Thomas Baker                                  email: tjb at unh.edu    |
| Systems Programmer                                                  |
| Research Computing Center                     voice: (603) 862-4490 |
| University of New Hampshire                     fax: (603) 862-1761 |
| 332 Morse Hall                                                      |
| Durham, NH 03824 USA              http://wintermute.sr.unh.edu/~tjb |
=======================================================================

More information about the fedora-selinux-list mailing list