This content has been marked as final. Show 3 replies
SELinux is an internal subsystem of the Linux operating system. As such, it has no bearing on an O/S support entitlement.
However, SELinux is extremely invasive and has its tentacles in many other subsystems within Linux. The various modes (every access must be approved, or "enforcing"; access not permitted by SELinux rules but allowed with a warning, or "permissive"; or not used or "disabled") do have implications for user-space applications and operating system internals.
For this reason, Oracle products such as the OCFS2 file system are only usable in SELinux "disabled" mode; the "permissive" mode is still too invasive for the current OCFS2 drivers and is not allowed.
1 SELinux does not affect O/S-level support.Note: in older systems such as OEL4/RHEL4 the SELinux feature is quite buggy and should never be used at all.
2 Most Oracle products require that SELinux be turned off as part of the certified configuration.
Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies.
SELinux is a set of extra security restrictions on top of the normal Linux security tools. It gives the systems administrator a finer grain of control than what the kernel typically provides. It will, for example, prevent a program from accessing a system library, unless the policy, or the administrator allows it. When enabled, it will prevent programs like Oracle to operate. In permissive mode it will log access and mostly like cause unnecessary processing overhead.
To change SELinux's behavior you can edit the configuration file. On Fedora and RHEL systems that file is located at /etc/selinux/config.
Edited by: Dude on Jan 24, 2011 1:38 PM