And???
On EL5/RHEL5+ 11g, Someone might find some error. example:
error while loading shared libraries: $ORACLE_HOME/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied
That's a bug(FAILS TO LOAD LIBNNZ11.SO WITH SELINUX ENABLED ON EL5/RHEL5)... we need to change SELinux mode. How?
If we need to change "Enforcing" mode to the "Permissive" mode, we can use "setenforce" command.
# setenforceusage: setenforce [ Enforcing | Permissive | 1 | 0 ]setenforce 1 — SELinux runs in enforcing mode.setenforce 0 — SELinux runs in permissive mode.
Example:
# getenforceEnforcing# setenforce 0# getenforcePermissive# sestatus -vSELinux status: enabledSELinuxfs mount: /selinuxCurrent mode: permissiveMode from config file: enforcingPolicy version: 18Policy from config file:targeted..
A "setenforce" command,that change mode immediate, and effect until the next reboot.
If we need to use "Permissive" mode at the next reboot, we have to modify /etc/selinux/config file as well.
SELINUX=permissive
SELINUX=enforcing|permissive|disabledenforcing — The SELinux security policy is enforced.permissive — The SELinux system prints warnings but does not enforce policy.This is useful for debugging and troubleshooting purposes. In permissive mode, more denials are logged because subjects can continue with actions that would otherwise be denied in enforcing mode. For example, traversing a directory tree in permissive mode produces avc: denied messages for every directory level read. In enforcing mode, SELinux would have stopped the initial traversal and kept further denial messages from occurring.disabled — SELinux is fully disabled. SELinux hooks are disengaged from the kernel and the pseudo-file system is unregistered.
Posts
No comments:
Post a Comment