Bug 508368 - SELinux issue on s390x install
Summary: SELinux issue on s390x install
Keywords:
Status: CLOSED DUPLICATE of bug 505606
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Other
Version: 530
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: John Matthews
URL:
Whiteboard:
Depends On:
Blocks: 457079
 
Reported: 2009-06-26 18:46 UTC by John Matthews
Modified: 2009-08-20 12:48 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-30 17:32:58 UTC
Target Upstream Version:
Embargoed:


Attachments
grep AVC /var/log/audit/audit.log (32.24 KB, text/plain)
2009-06-30 16:57 UTC, John Matthews

Description John Matthews 2009-06-26 18:46:46 UTC
Description of problem:

Installed Satellite on s390x, it failed.  I attempted reinstall and it said it couldn't connect to database.

I started oracle and it failed.
Saw error:

# /etc/init.d/oracle start
/opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl: error while loading shared libraries: /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1: cannot restore segment prot after reloc: Permission denied


I assumed it's a SELinux issue.
I ran:
chcon -R -t textrel_shlib_t /opt/apps/oracle

Now oracle starts.


Version-Release number of selected component (if applicable):
Satellite-5.3.0-RHEL5-re20090625.0-s390x-embedded-oracle.iso

How reproducible:
Unsure, the s390x boxes are having more oracle issues with install.  I don't know if the SELinux portion happens towards the end of the install, and the installer bailed out before hitting that area.


Steps to Reproduce:
1. Install sat on s390x, exit install after db install but before finish.
2. Start oracle
  
Actual results:
# /etc/init.d/oracle start
/opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl: error while loading shared libraries: /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1: cannot restore segment prot after reloc: Permission denied


Expected results:
Oracle starts

Additional info:

Comment 1 Jan Pazdziora 2009-06-29 07:05:42 UTC
John,

can you please paste output of:

rpm -q redhat-release
(that's because generally s390x installs on *.z900.redhat.com were RHEL 5.0, not good)

semodule -l
(to see if the SELinux policy modules are loaded at all)

grep AVC /var/log/audit/audit.log
(to see what AVC denials you got)

ls -Z /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1
(to see the type of these two)

execstack -q /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1
(to see the execstack of these two)

Thank you.

Comment 2 Jan Pazdziora 2009-06-29 07:08:25 UTC
In general, I consider this a dupe of 505606 but I'd like to have it confirmed.

Comment 3 John Matthews 2009-06-30 16:55:24 UTC
Hi Jan,

This is the default RHEL 5.0 provisioning setup from the z900 setup.


rpm -q redhat-release
redhat-release-5Server-5.0.0.9


# semodule -l
amavis	1.1.0
ccs	1.0.0
clamav	1.1.0
dcc	1.1.0
dnsmasq	1.1.1
evolution	1.1.0
ipsec	1.4.0
iscsid	1.0.0
mozilla	1.1.0
mplayer	1.1.0
nagios	1.1.0
oddjob	1.0.1
pcscd	1.0.0
pki	1.0.0
prelude	1.0.0
pyzor	1.1.0
razor	1.1.0
ricci	1.0.0
smartmon	1.1.0
virt	1.0.0
zosremote	1.0.0


# ls -Z /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl
-rwxr-x--x  oracle dba system_u:object_r:textrel_shlib_t /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl

rwxr-xr-x  oracle dba system_u:object_r:textrel_shlib_t /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1


execstack -q /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl
- /opt/apps/oracle/web/product/10.2.0/db_1/bin/lsnrctl

 execstack -q /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1
- /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1

Comment 4 John Matthews 2009-06-30 16:57:05 UTC
Created attachment 349972
grep AVC /var/log/audit/audit.log

Comment 5 Jan Pazdziora 2009-06-30 17:32:58 UTC
John, installation of plain RHEL 5.0 will not work unless you relabel the filesystem. None of the Spacewalk/Oracle SELinux modules are loaded here.

Please see bug 505606 for more info. I'm closing this bugzilla as dupe of 505606. Feel free to reopen if you think otherwise.

*** This bug has been marked as a duplicate of bug 505606 ***

Comment 6 John Matthews 2009-07-01 21:30:57 UTC
Hi Jan,

I followed your advice and upgraded the s390x machine to 5.3, did the upgrade from 5.0 to 5.3 through "yum update -y" followed by a reboot.

# rpm -q redhat-release
redhat-release-5Server-5.3.0.3

I attempted an install, it failed with this message:
oracle-rhnsat   10.2.11.4
+ restorecon -rv /rhnsat
restorecon set context /rhnsat->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'
restorecon set context /rhnsat/admin->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'
restorecon set context /rhnsat/data->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'

I then realized I didn't relabel the FS as you said, so I executed:
# touch /.autorelabel
# reboot

I watched through the x3270 console and saw that the files were relabeled during bootup.

I re-ran the install.pl and saw the same Oracle errors:
# tail /var/log/rhn/install_db.log 
+ mkdir -p /rhnsat/data /rhnsat/admin
+ chown -R oracle:dba /rhnsat
+ selinuxenabled
+ semodule -l
+ grep '^oracle-rhnsat\b'
oracle-rhnsat	10.2.11.4
+ restorecon -rv /rhnsat
restorecon set context /rhnsat->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'
restorecon set context /rhnsat/admin->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'
restorecon set context /rhnsat/data->system_u:object_r:oracle_dir_t:s0 failed:'Operation not supported'


/rhnsat is an NFS mount
/var/satellite is an NFS mount


# grep AVC /var/log/audit/audit.log 
type=USER_AVC msg=audit(1246479370.866:27): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479393.706:30): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=3) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479420.986:31): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=4) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479440.806:33): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=5) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479451.436:35): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=6) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479460.406:37): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=7) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479580.806:39): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=8) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479588.956:42): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=9) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479748.756:57): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=10) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479789.926:59): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=11) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479824.936:61): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=12) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479833.796:62): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=13) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479943.236:66): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=14) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479955.166:68): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=15) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479962.096:70): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=16) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479979.206:72): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=17) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246479989.316:74): user pid=1374 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=18) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1246482578.398:49): user pid=1393 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'


# semodule -l
amavis	1.1.0
ccs	1.0.0
clamav	1.1.0
dcc	1.1.0
dnsmasq	1.1.1
evolution	1.1.0
ipsec	1.4.0
iscsid	1.0.0
jabber	1.4.2.6
mozilla	1.1.0
mplayer	1.1.0
nagios	1.1.0
oddjob	1.0.1
oracle-nofcontext	1.1.1
oracle-rhnsat	10.2.11.4
osa-dispatcher	5.9.10.5
pcscd	1.0.0
pki	1.0.0
prelude	1.0.0
pyzor	1.1.0
razor	1.1.0
ricci	1.0.0
smartmon	1.1.0
spacewalk-monitoring	0.5.7.9
spacewalk	0.5.4.9
virt	1.0.0
zosremote	1.0.0


# ls -Z /rhnsat/
drwxr-xr-x  oracle dba system_u:object_r:nfs_t          admin
drwxr-xr-x  oracle dba system_u:object_r:nfs_t          data


Do you have any tips for getting past these errors?

Thanks,
John

Comment 8 John Matthews 2009-07-01 21:40:55 UTC
Setting NEED_INFO for comment #6, as I removed it by accident.

Comment 9 Jan Pazdziora 2009-07-02 06:54:05 UTC
/rhnsat on NFS is not supported. If you want to test embedded on s390x, you'll need to find a machine with large enough disk to put the embedded data in /rhnsat on the local disk.
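
A pre-flight check for the two conditions this thread ran into, added here as an example (it is not part of the bug report or of the Satellite installer): whether the data directory sits on NFS, where restorecon could not store a label, and whether the policy modules are loaded. The function names, the sample mounts table and the choice of required modules are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks before the installer runs restorecon.

# Print the filesystem type holding path $1, using the longest matching mount
# point in a /proc/mounts-format file ($2, default /proc/mounts).
fstype_of() {
    awk -v p="$1" '
        {
            mp = $2
            # Match "/", the path itself, or a parent directory (not /rhnsat2 for /rhnsat).
            if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
                best = length(mp); fs = $3
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "${2:-/proc/mounts}"
}

# Succeed only if restorecon can store a label under $1. NFS is rejected because
# the thread shows restorecon failing there and the files staying nfs_t.
can_relabel() {
    fs=$(fstype_of "$1" "$2") || return 2
    case "$fs" in
        nfs*) return 1 ;;
        *)    return 0 ;;
    esac
}

# Print every module name in $2... that is absent from the `semodule -l`
# output saved in file $1.
missing_modules() {
    list=$1; shift
    for m in "$@"; do
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$list" || echo "$m"
    done
}

# Constructed sample data (not from a real host): /rhnsat on NFS, and a module
# list without the Satellite policy modules.
demo=$(mktemp -d)
printf '%s\n' '/dev/dasda1 / ext3 rw 0 0' \
    'filer.example.com:/export/rhnsat /rhnsat nfs rw 0 0' > "$demo/mounts"
printf 'amavis\t1.1.0\nccs\t1.0.0\n' > "$demo/modules"

can_relabel /rhnsat/data "$demo/mounts" || echo "/rhnsat/data: labels cannot be set here"
# The required names below are an assumption taken from the thread's later listing.
missing_modules "$demo/modules" oracle-rhnsat spacewalk
```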

Comment 10 John Matthews 2009-08-20 12:48:37 UTC
Marking CloseValid

