Oracle 10g on FC2T1

M A Young m.a.young at durham.ac.uk
Wed Mar 24 10:51:46 UTC 2004


On Wed, 24 Mar 2004, K,N,D Farnik wrote:

> Looking forward to your solution!

Unfortunately the solution I was hoping to use relies on file capability
support, which it seems no-one has got around to implementing yet. The
good news is that it looks like there are moves to forward port a kernel
patch in RHEL3 to 2.6 which avoids the problem, see
http://marc.theaimsgroup.com/?t=107957672600001&r=1&w=2

The hack solution which is a bad idea for lots of reasons is to make
${ORACLE_HOME}/bin/oracle setuid root. This basically seems to work,
though is likely to cause problems, is a big security risk, invalidates
your warranty, etc... so don't try it on anything but test systems you can
afford to rebuild completely if things go wrong.

	Michael Young

> >M A Young writes:
> > The problem seems to be when oracle does a particular shmget call
> > shmget(IPC_PRIVATE, some number, IPC_CREAT|IPC_EXCL|IPC_NOWAIT|0600)
> > to sort out its shared memory. In 2.6 it seems you need extra kernel
> > capabilities for this to work (I think CAP_IPC_LOCK).
> >
> > I do have a way around this, but it is too much of a bad idea to share at
> > the moment. The correct solution would be to find some way of granting
> > this extra capability to the oracle user or appropriate executables, which
> > you might be able to do with selinux, and I have an idea of how it might
> > be done more safely without selinux.





More information about the fedora-test-list mailing list