[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] The lsnrctl application attempted to load /u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1 to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust /u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1'" The following command will allow this access: chcon -t textrel_shlib_t '/u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1' Additional Information: Source Context user_u:system_r:unconfined_t Target Context user_u:object_r:default_t Target Objects /u01/app/oracle/product/11.1.0/db_1/lib/libclntsh. so.11.1 [ file ] Source sqlplus Source Path /u01/app/oracle/product/11.1.0/db_1/bin/sqlplus Port <Unknown> Source RPM Packages Target RPM Packages Policy RPM selinux-policy-2.4.6-255.el5_4.1 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name allow_execmod Alert Count 7 First Seen Wed Apr 7 15:26:05 2010 Last Seen Thu Apr 8 04:16:18 2010 Local ID 7f2ae546-15a2-4739-ba2a-0f6ca4f5745c Line Numbers Raw Audit Messages host=XXXXX type=AVC msg=audit(1270714578.484:315128): avc: denied { execmod } for pid=25898 comm="lsnrctl" path="/u01/app/oracle/product/11.1.0/db_1/lib/libclntsh.so.11.1" dev=dm-0 ino=7507481 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file host=XXXXX type=SYSCALL msg=audit(1270714578.484:315128): arch=c000003e syscall=10 success=yes exit=0 a0=2ae0fdd6f000 a1=2322000 a2=5 a3=2ae0fde02800 items=0 ppid=25855 pid=25898 auid=502 uid=504 gid=505 euid=504 suid=504 fsuid=504 egid=505 sgid=505 fsgid=505 tty=pts0 ses=39 comm="lsnrctl" exe="/u01/app/oracle/product/11.1.0/db_1/bin/lsnrctl" subj=user_u:system_r:unconfined_t:s0 key=(null)
Probably best to turn off this check setsebool -P allow_execmod 1