Bug 178217 - su prompts for security context, causing Oracle startup to fail
su prompts for security context, causing Oracle startup to fail
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-18 12:10 EST by Bevis King
Modified: 2008-08-02 19:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-11 14:07:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/etc/init.d script for Oracle 10g (628 bytes, text/plain)
2006-01-18 12:10 EST, Bevis King
no flags Details

  None (edit)
Description Bevis King 2006-01-18 12:10:59 EST
Description of problem:
Since the latest update (U2), having SELinux enabled on RHEL4 causes the su
command to issue the following interactive challenge:

su
Password:
Your default context is root:system_r:unconfined_t.

Do you want to choose a different one? [n]

This appears to be causing the su - oracle action of the Oracle 10g dbora
startup script in /etc/init.d/ to hang waiting for an interactive response.
This means that after the update, the Oracle 10g database no longer restarts
after a reboot, instead hanging indefinitely (overnight at least) in the init
script.

Initial investigations seemed to suggest a -Z or --context= option to su would
proactively provide the required info and would resolve the issue.  The current
version of su (coreutils-5.2.1-31.2) for RHEL4 does not support this option.

Version-Release number of selected component (if applicable):
coreutils-5.2.1-31.2
kernel-2.6.9-22
selinux-policy-targeted-1.17.30-2.110

sestatus
SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           enforcing
Mode from config file:  enforcing
Policy version:         18
Policy from config file:targeted


How reproducible:
Every time.

Steps to Reproduce:
1.  reboot system - /etc/init.d/dbora will hang indefinitely
2.
3.
  
Actual results:
Oracle 10g database fails to start since update.

Expected results:
Oracle 10g database starts as previously.

Additional info:
Appropriate dbora script will be attached.
Comment 1 Bevis King 2006-01-18 12:10:59 EST
Created attachment 123388 [details]
/etc/init.d script for Oracle 10g
Comment 2 Daniel Walsh 2006-01-18 14:16:41 EST
They should be using runuser instead of su.

You can also remove the multiple field from /etc/pam.d/su file.

Comment 3 Bevis King 2006-06-28 10:47:27 EDT
Switching to runuser has resolved the problem.  Did this get fed back to Oracle
or do you wish me to raise a TAR with them?

Regards, Bevis.

Note You need to log in before you can comment on or make changes to this bug.