[Spacewalk-list] selinux blocking

Jan-Frode Myklebust janfrode at tanso.net
Tue Feb 10 11:04:01 UTC 2009 

On Tue, Feb 10, 2009 at 11:00:40AM +0100, Jan Pazdziora wrote:
> 
> Yep. oracle-instantclient-selinux should do this for you. Maybe you
> did reinstall the oracle-instantclient package that that cleared
> execstack got lost?

No, pretty sure we haven't re-installed the oracle-instantclient after
upgrading to spacewalk 0.4. But, I see the oracle-instantclient-selinux
only does changes to v10.2.0.4-files, and we're on v10.2.0.3...

But we already had implemented the textrel_shlib_t on our
v10.2.0.3-libs:

[root at repo1 ~]# ls -Z /usr/lib/oracle/10\.2*/client64/lib/*
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/glogin.sql
lrwxrwxrwx  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so -> libclntsh.so.10.1
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libclntsh.so.10.1
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libheteroxa10.so
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libnnz10.so
lrwxrwxrwx  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libocci.so -> libocci.so.10.1
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libocci.so.10.1
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libociei.so
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libocijdbc10.so
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libsqlplusic.so
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/libsqlplus.so
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/ojdbc14.jar
-rw-r--r--  root root system_u:object_r:textrel_shlib_t /usr/lib/oracle/10.2.0.3/client64/lib/orai18n.jar

but was missing oracle_sqlplus_exec_t on /usr/lib/oracle/10.2.0.3/client64/bin/sqlplus.
Plus removed execstack on all these libs, and now I think this problem is gone.


  -jf

More information about the Spacewalk-list mailing list