According to the installation documentation, SELinux is supported for Oracle database as of 11gR2. Check the following: http://docs.oracle.com/cd/E11882_01/readmes.112/e41331/toc.htm#READM109
So unless you rely on ACFS, SELinux is supported. Also do not confuse ASM with ASMLib. ASMLib will fail if SELinux is set to “enforcing”. However, ASMLib is optional, but then you must configure device name persistence by configuring Linux UDEV.
Whether you would really want SELinux running on an Oracle server is another question. I suggest reviewing the following thread: https://community.oracle.com/thread/2165086. It appears to be the most common practice to disable SELinux on servers running Oracle.
Dude, thanks for the quick reply. You are correct, I was incorrectly referring to ASM when the real issue I was wondering about was asmlib. I didn't want to get into the need for writing udev rules but it looks like I may have to if asmlib doesn't support selinux in enforcing mode.
I may have to get a waiver if selinux enforcing mode is not supported or recommended.
To be honest I have never tried to make ASMLib work with SELinux enforced. Whether or not it was a matter of policies or incompatibility I do not know, but from reading about it, it seems to be the latter.
I suggest not to assume that SELinux is required or was generally a good thing to have enforced. For an Oracle database server with a limited amount of known users, applications and services I do not really see a lot of benefit from SELinux other than to provide a safeguard in case the security of Oracle processes and applications is compromised. It may rather have a negative impact on performance, proper function or troubleshooting and may complicate matters for no valid reason.
Why exactly is SELinux required in your case?
And it is far more complex than simply enabling it. It is also about configuring it and managing it.
SELinux is like a dangerous and vicious security dog inside your house - where you need to have permission to open the fridge, or be bitten. Question though is who and what is guarding your property border to prevent burglars from gaining access to your house in the first place?
In my view - if you say you need to have SELinux enabled, you are saying you face serious security risks... which means SELinux alone does not suffice and the same type of heavy artillery is needed to protect the network, physical IT infrastructure, application usage, data access, etc. etc.
I think a typical example where SELinux makes sense is if someone accesses your computer services, such as Oracle database, and manages to exploit a buffer overflow vulnerability to inject code and perform actions the application or process was not designed for, like accessing the file system. Such issues are typically addressed by Oracle security patches.
Exactly - and if your network access to the database was secure, then the chances are less that a payload can be delivered to the database, resulting in an exploit that needs SELinux to prevent.