Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 621885 - All Oracle libraries requires textrel_shlib_t
All Oracle libraries requires textrel_shlib_t
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.5
All Linux
low Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-06 07:53 EDT by Göran Uddeborg
Modified: 2012-10-15 10:17 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Since certain Oracle libraries require a text relocation, the SELinux context for libraries in the /usr/lib/oracle/ directory has been changed to "textrel_shlib_t".
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-13 16:50:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0026 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2011-01-12 11:11:15 EST

  None (edit)
Description Göran Uddeborg 2010-08-06 07:53:25 EDT 
Description of problem:
The current policy identifies two libraries, libnnz and libclntsh, in the directory for Oracle's Instant Client, /usr/lib/oracle, as needing text relocations.  There are however additional libraries in the directory.  All of them seems to require text relocations when you use them.  (Not surprisingly, I guess, they are probably built in the same broken way.)


Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-279.el5_5.1

Some Oracle packages having the bug are:
oracle-instantclient11.1-basic-11.1.0.7.0-1
oracle-instantclient11.1-devel-11.1.0.7.0-1
oracle-instantclient11.1-jdbc-11.1.0.7.0-1
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1


How reproducible:
Every time


Steps to Reproduce:
1.sqlplus
  
Actual results:
sqlplus: error while loading shared libraries: /usr/lib/oracle/11.1/client64/lib/libsqlplus.so: cannot restore segment prot after reloc: Permission denied


Expected results:
Login prompt from sqlplus

Sqlplus is a binary included in oracle-instantclient11.1-sqlplus.  It uses some of the libraries not yet singled out in the policy as an example.

Additional info:
Until we can get Oracle to build these libraries properly (yes, I've told them, and no I haven't got any reaction), I suggest the policy assumes all .so files in /usr/lib/oracle/… need textrel_shlib_t

/usr/lib/oracle/.*/lib/lib.*\.so(\.[^/]*)* …textrel_shlib_t…
Comment 1 Daniel Walsh 2010-08-10 11:35:48 EDT 
Seems ok to me.
Comment 3 Miroslav Grepl 2010-09-09 09:11:48 EDT 
Fixed in selinux-policy-2.4.6-283.el5.noarch
Comment 6 Tomas Straupis 2010-11-20 07:53:54 EST 
I have the same problem after upgrade to Fedora14 (it was ok in Fedora13):

$ sqlplus
sqlplus: error while loading shared libraries: libsqlplus.so: cannot enable executable stack as shared object requires: Permission denied

Should I report it separately with product "Fedora"?

selinux-policy-3.9.7-10.fc14.noarch
Comment 7 Jaromir Hradilek 2011-01-05 11:18:57 EST 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Since certain Oracle libraries require a text relocation, the SELinux context for libraries in the /usr/lib/oracle/ directory has been changed to "textrel_shlib_t".
Comment 9 errata-xmlrpc 2011-01-13 16:50:15 EST 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.