Description of problem:
The current policy identifies two libraries, libnnz and libclntsh, in the directory for Oracle's Instant Client, /usr/lib/oracle, as needing text relocations. There are however additional libraries in the directory. All of them seems to require text relocations when you use them. (Not surprisingly, I guess, they are probably built in the same broken way.)
Version-Release number of selected component (if applicable):
Some Oracle packages having the bug are:
Steps to Reproduce:
sqlplus: error while loading shared libraries: /usr/lib/oracle/11.1/client64/lib/libsqlplus.so: cannot restore segment prot after reloc: Permission denied
Login prompt from sqlplus
Sqlplus is a binary included in oracle-instantclient11.1-sqlplus. It uses some of the libraries not yet singled out in the policy as an example.
Until we can get Oracle to build these libraries properly (yes, I've told them, and no I haven't got any reaction), I suggest the policy assumes all .so files in /usr/lib/oracle/… need textrel_shlib_t
Seems ok to me.
Fixed in selinux-policy-2.4.6-283.el5.noarch
I have the same problem after upgrade to Fedora14 (it was ok in Fedora13):
sqlplus: error while loading shared libraries: libsqlplus.so: cannot enable executable stack as shared object requires: Permission denied
Should I report it separately with product "Fedora"?
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Since certain Oracle libraries require a text relocation, the SELinux context for libraries in the /usr/lib/oracle/ directory has been changed to "textrel_shlib_t".
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.