Summary:

SELinux is preventing /usr/lib/oracle/10.2.0.4/client/bin/sqlplus "search" access on /home.

Detailed Description:

SELinux denied access requested by sqlplus. It is not expected that this access is required by sqlplus and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context: unconfined_u:unconfined_r:oracle_sqlplus_t:s0-s0:c0.c1023
Target Context: system_u:object_r:home_root_t:s0
Target Objects: /home [ dir ]
Source: sqlplus
Source Path: /usr/lib/oracle/10.2.0.4/client/bin/sqlplus
Port: <Unknown>
Host: (removed)
Source RPM Packages: oracle-instantclient-sqlplus-10.2.0.4-1
Target RPM Packages: filesystem-2.4.31-1.fc13
Policy RPM: selinux-policy-3.7.19-54.fc13
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: (removed)
Platform: Linux (removed) 2.6.34.6-54.fc13.i686.PAE #1 SMP Sun Sep 5 17:33:43 UTC 2010 i686 i686
Alert Count: 110
First Seen: Tue 21 Sep 2010 03:11:46 PM MST
Last Seen: Tue 21 Sep 2010 03:11:46 PM MST
Local ID: 700b827f-a950-4006-a58d-68d9e5da6cc6
Line Numbers:

Raw Audit Messages:

node=(removed) type=AVC msg=audit(1285107106.803:632): avc: denied { search } for pid=16255 comm="sqlplus" name="home" dev=dm-0 ino=1572865 scontext=unconfined_u:unconfined_r:oracle_sqlplus_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1285107106.803:632): arch=40000003 syscall=33 success=no exit=-13 a0=bf8ced90 a1=0 a2=3addf64 a3=3a0678c items=0 ppid=16251 pid=16255 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4 ses=1 comm="sqlplus" exe="/usr/lib/oracle/10.2.0.4/client/bin/sqlplus" subj=unconfined_u:unconfined_r:oracle_sqlplus_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,sqlplus,oracle_sqlplus_t,home_root_t,dir,search

audit2allow suggests:

#============= oracle_sqlplus_t ==============
allow oracle_sqlplus_t home_root_t:dir search;
Taking.
When does this AVC happen? What actions were you doing when it happened?
This occurs immediately following a complete installation of Spacewalk on F13.

https://fedorahosted.org/spacewalk/wiki/OracleXeSetup#KnownIssues

I'm betting the following packages need revision/to be updated to deal with this AVC exception:

oracle-xe-selinux
oracle-instantclient-selinux
oracle-instantclient-sqlplus-selinux

Or maybe Oracle is really doing something it shouldn't.
(In reply to comment #3)
> This occurs immediately following a complete installation of Spacewalk on F13.
>
> https://fedorahosted.org/spacewalk/wiki/OracleXeSetup#KnownIssues

I'm confused. Is it after you've finished the steps at the OracleXeSetup page (but before you've installed the Spacewalk bits), or after all Spacewalk packages were installed? Or is it after the spacewalk-setup was run?
Anyway, I believe that the issue was addressed in Spacewalk master ec440206d21021c2ba8fdedf3dc9e2b6f1f31386, when we fixed bug 626420 (it's actually a dupe thereof).
Please use the Spacewalk 1.2 release candidate yum repo at

http://koji.spacewalkproject.org/spacewalk/split/spacewalk-5E/server/spacewalk-5E-1.2/
http://koji.spacewalkproject.org/spacewalk/split/spacewalk-f12/server/spacewalk-f12-1.2/
http://koji.spacewalkproject.org/spacewalk/split/spacewalk-f13/server/spacewalk-f13-1.2/
http://koji.spacewalkproject.org/spacewalk/split/spacewalk-f14/server/spacewalk-f14-1.2/

(depending on your OS) to verify the bugzilla.
Oops, append $basearch/os to the paths to get correct baseurl.
With Spacewalk 1.2 released, marking as CLOSED CURRENTRELEASE. https://www.redhat.com/archives/spacewalk-list/2010-November/msg00111.html