Red Hat Bugzilla – Bug 178217
su prompts for security context, causing Oracle startup to fail
Last modified: 2008-08-02 19:40:32 EDT
Description of problem:
Since the latest update (U2), having SELinux enabled on RHEL4 causes the su
command to issue the following interactive challenge:
Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
This appears to be causing the su - oracle action of the Oracle 10g dbora
startup script in /etc/init.d/ to hang waiting for an interactive response.
This means that after the update, the Oracle 10g database no longer restarts
after a reboot, instead hanging indefinitely (overnight at least) in the init
Initial investigations seemed to suggest a -Z or --context= option to su would
proactively provide the required info and would resolve the issue. The current
version of su (coreutils-5.2.1-31.2) for RHEL4 does not support this option.
Version-Release number of selected component (if applicable):
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 18
Policy from config file:targeted
Steps to Reproduce:
1. reboot system - /etc/init.d/dbora will hang indefinitely
Oracle 10g database fails to start since update.
Oracle 10g database starts as previously.
Appropriate dbora script will be attached.
Created attachment 123388 [details]
/etc/init.d script for Oracle 10g
They should be using runuser instead of su.
You can also remove the multiple field from /etc/pam.d/su file.
Switching to runuser has resolved the problem. Did this get fed back to Oracle
or do you wish me to raise a TAR with them?