FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 08-10-2010, 10:42 PM
"Garry T. Williams"
 
Default Oracle 11g Client and Selinux

I just installed the Oracle 11g client on a Fedora 13 x86_64 system.
I encountered a problem, though. Here's the summary:

After installation, I wanted to add the client libraries to ldconfig
so I could link my code to them. I added oracle.conf to the
/etc/ld.so.conf.d directory with this line:

/opt/oracle/product/lib

and ran ldconfig as root. Now the fun started.

I ran into the usual problems with Oracle, like needing execmod on
their libraries. But I noticed that the system was pegged with dbus
and sedispatch in top. Not understanding what the problem was, I
rebooted. It's a fresh Fedora install -- I guess I'm still
trigger-happy. :-) Now the desktop won't come up because the system
dbus failed to start.

I checked the audit logs and found:

type=AVC msg=audit(1281461253.603:93564): avc: denied { execute } for pid=26249 comm="dbus-daemon-lau" path="/opt/oracle/product/lib/libexpat.so.1" dev=dm-0 ino=324505 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_ubject_r:usr_t:s0 tclass=file

type=SYSCALL msg=audit(1281461253.603:93564): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=130f38 a2=5 a3=802 items=0 ppid=26248 pid=26249 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

I knew what to do at this point and renamed libexpat in Oracle's lib
directory and rebooted successfully.

I was surprised to see /lib64/dbus-1/dbus-daemon-launch-helper link to
Oracle's version of libexpat.

What did I do wrong?

--
Garry T. Williams
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-11-2010, 07:34 AM
Roberto Ragusa
 
Default Oracle 11g Client and Selinux

Garry T. Williams wrote:
>
> After installation, I wanted to add the client libraries to ldconfig
> so I could link my code to them. I added oracle.conf to the
> /etc/ld.so.conf.d directory with this line:
>
> /opt/oracle/product/lib
>
> and ran ldconfig as root. Now the fun started.
[...]
>
> I was surprised to see /lib64/dbus-1/dbus-daemon-launch-helper link to
> Oracle's version of libexpat.
>
> What did I do wrong?

Did you add the line in ld.so.conf in first position or in last position?
Could be related to ordering.

Or, more simply, what you specify in ld.so.conf has precedence against
/lib and /usr/lib, so the Oracle lib always wins. (man ld.so seems
to suggest this).
In that case you should not modify ld.so.conf for Oracle. Just run Oracle
with a suitable LD_LIBRARY_PATH and do not pollute the system config.
The Oracle installer should have created a oraenv file somewhere for you;
it messes with some env vars, including LD_LIBRARY_PATH. You should run it
(with ". /xxxx/oraenv") before Oracle.

--
Roberto Ragusa mail at robertoragusa.it
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-12-2010, 11:26 AM
"Garry T. Williams"
 
Default Oracle 11g Client and Selinux

On Wednesday, August 11, 2010 03:34:55 Roberto Ragusa wrote:
> Garry T. Williams wrote:
> > I was surprised to see /lib64/dbus-1/dbus-daemon-launch-helper
> > link to Oracle's version of libexpat.
> >
> > What did I do wrong?
>
> Did you add the line in ld.so.conf in first position or in last
> position? Could be related to ordering.
>
> Or, more simply, what you specify in ld.so.conf has precedence
> against /lib and /usr/lib, so the Oracle lib always wins. (man ld.so
> seems to suggest this).

I didn't touch ld.so.conf . I simply added a file to the
/etc/ld.so.conf.d directory. I see that the manual page implies that
/lib(64) and /usr/lib(64) are searched *after* others specified in
ld.so.conf .

I wonder why I never saw this happen before.

> In that case you should not modify ld.so.conf for Oracle. Just run
> Oracle with a suitable LD_LIBRARY_PATH and do not pollute the system
> config.

Yes, this would work, but it is a pain. I guess if Oracle must ship
their versions of core system libraries, it is required. Bad form,
though.

--
Garry T. Williams
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-12-2010, 05:10 PM
Daniel J Walsh
 
Default Oracle 11g Client and Selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/10/2010 06:42 PM, Garry T. Williams wrote:
> I just installed the Oracle 11g client on a Fedora 13 x86_64 system.
> I encountered a problem, though. Here's the summary:
>
> After installation, I wanted to add the client libraries to ldconfig
> so I could link my code to them. I added oracle.conf to the
> /etc/ld.so.conf.d directory with this line:
>
> /opt/oracle/product/lib
>
> and ran ldconfig as root. Now the fun started.
>
> I ran into the usual problems with Oracle, like needing execmod on
> their libraries. But I noticed that the system was pegged with dbus
> and sedispatch in top. Not understanding what the problem was, I
> rebooted. It's a fresh Fedora install -- I guess I'm still
> trigger-happy. :-) Now the desktop won't come up because the system
> dbus failed to start.
>
> I checked the audit logs and found:
>
> type=AVC msg=audit(1281461253.603:93564): avc: denied { execute } for pid=26249 comm="dbus-daemon-lau" path="/opt/oracle/product/lib/libexpat.so.1" dev=dm-0 ino=324505 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_ubject_r:usr_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1281461253.603:93564): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=130f38 a2=5 a3=802 items=0 ppid=26248 pid=26249 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
> I knew what to do at this point and renamed libexpat in Oracle's lib
> directory and rebooted successfully.
>
> I was surprised to see /lib64/dbus-1/dbus-daemon-launch-helper link to
> Oracle's version of libexpat.
>
> What did I do wrong?
>
I would also run restorecon -R -v /opt

To make sure the SELinux labels are correct.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxkKwMACgkQrlYvE4MpobMFegCdGGch4Tyd74 ciCnws11dy90S0
pwQAniy33HZAaCvJ+5D34hrus94JRwM8
=ujOk
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-13-2010, 03:10 AM
"Garry T. Williams"
 
Default Oracle 11g Client and Selinux

On Thursday, August 12, 2010 13:10:27 Daniel J Walsh wrote:
> On 08/10/2010 06:42 PM, Garry T. Williams wrote:

> > I ran into the usual problems with Oracle, like needing execmod on
> > their libraries.

> > What did I do wrong?
> >
> I would also run restorecon -R -v /opt
> To make sure the SELinux labels are correct.

Yup. That was needed.

--
Garry T. Williams
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 09:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org