Bug 178217 - su prompts for security context, causing Oracle startup to fail
su prompts for security context, causing Oracle startup to fail
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2006-01-18 12:10 EST by Bevis King
Modified: 2008-08-02 19:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-11 14:07:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
/etc/init.d script for Oracle 10g (628 bytes, text/plain)
2006-01-18 12:10 EST, Bevis King
no flags Details

  None (edit)
Description Bevis King 2006-01-18 12:10:59 EST
Description of problem:
Since the latest update (U2), having SELinux enabled on RHEL4 causes the su
command to issue the following interactive challenge:

Your default context is root:system_r:unconfined_t.

Do you want to choose a different one? [n]

This appears to be causing the su - oracle action of the Oracle 10g dbora
startup script in /etc/init.d/ to hang waiting for an interactive response.
This means that after the update, the Oracle 10g database no longer restarts
after a reboot, instead hanging indefinitely (overnight at least) in the init

Initial investigations seemed to suggest a -Z or --context= option to su would
proactively provide the required info and would resolve the issue.  The current
version of su (coreutils-5.2.1-31.2) for RHEL4 does not support this option.

Version-Release number of selected component (if applicable):

SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           enforcing
Mode from config file:  enforcing
Policy version:         18
Policy from config file:targeted

How reproducible:
Every time.

Steps to Reproduce:
1.  reboot system - /etc/init.d/dbora will hang indefinitely
Actual results:
Oracle 10g database fails to start since update.

Expected results:
Oracle 10g database starts as previously.

Additional info:
Appropriate dbora script will be attached.
Comment 1 Bevis King 2006-01-18 12:10:59 EST
Created attachment 123388 [details]
/etc/init.d script for Oracle 10g
Comment 2 Daniel Walsh 2006-01-18 14:16:41 EST
They should be using runuser instead of su.

You can also remove the multiple field from /etc/pam.d/su file.

Comment 3 Bevis King 2006-06-28 10:47:27 EDT
Switching to runuser has resolved the problem.  Did this get fed back to Oracle
or do you wish me to raise a TAR with them?

Regards, Bevis.

Note You need to log in before you can comment on or make changes to this bug.