This discussion is archived
6 Replies Latest reply: May 2, 2011 8:56 AM by Nicolas.Gasparotto RSS

SELINUX=permissive raises error messages in /var/log/messages

Nicolas.Gasparotto Oracle ACE
Currently Being Moderated
Hello,

On the Peoplesoft OVM App/Batch (so far I tested it on HCM, PS and CRM), the SELinux is set to permissive mode.
It causes a couple of messages in /var/log/messages each time we start the AppServer and Batch server as well as a sqlplus connection from App/Batch server to the database (each time Oracle librairies are involved) :
Nov 21 08:47:09 psovmcrm kernel: audit(1290347229.280:3): avc:  denied  { execmod } for  pid=1466 comm="sqlplus" path="/opt/oracle/psft/pt/oracle-client/11.1.0.7-64bit/lib/libnnz11.so" dev=xvdb1 ino=2486 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
Nov 21 08:59:15 psovmcrm kernel: audit(1290347955.365:4): avc:  denied  { execmod } for  pid=1629 comm="PSAPPSRV" path="/opt/oracle/psft/pt/oracle-client/11.1.0.7-64bit/lib/libnnz11.so" dev=xvdb1 ino=2486 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
Nov 21 09:00:48 psovmcrm kernel: audit(1290348048.663:5): avc:  denied  { execmod } for  pid=1645 comm="PSANALYTICSRV" path="/opt/oracle/psft/pt/tools/bin/libcplex110.so" dev=xvdb1 ino=838585 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file  
The workaround found is to disable SELinux, change the file /etc/selinux/config
from
SELINUX=permissive
to
SELINUX=disabled
Is there anything better or is it possible to make it disable by default to avoid those messages ?
Note that on database VMs, SELinux is already disabled.

Thanks,

Nicolas.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points