Selinux Fun

Alan J. Gagne alan.gagne at comcast.net
Tue Mar 29 03:41:04 UTC 2005


Not sure this was the best approach. but it's working !

Downloaded the selinux-policy-targeted-sources and added the following
to the policy.conf.

allow unconfined_t default_t:file execmod;
allow unconfined_t tmp_t:file execmod;
allow unconfined_t user_home_t:file execmod;
allow unconfined_t usr_t:file execmod;

( these were determined by running allow2audit against 
  the audit.log and taking only the ones which affected 
  the oracle processes from starting.)

Did a make and make load.

I can now start the oracle processes with selinux set to enforce.
This may have broken some security that should be in place so
if anybody has any further info please correct my habits before
they become engrained for life.

Alan




More information about the fedora-test-list mailing list