| Oracle database and SELinux [message #689354] |
Tue, 28 November 2023 06:43  |
John Watson
Messages: 8961
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
I need to enable SELinux on some DB Servers. I can't find any mention of this in the installation docs, other than a brief comment regarding ACFS (which I'm not using). Quite a few articles I've read say to set it to PERMISSVE, but that won't be good enough. I have some systems where SELinux was enabled and set to ENFORCING before the Oracle install and they run fine, but I have never enabled SELinux on a DB Server after the database install and create.
Any advice on this? If I just enable it, will everything keep working? I'll be doing a few experiments first, but I really don't know what I need to test.
Thank you for any insight.
|
|
|
|
| Re: Oracle database and SELinux [message #689361 is a reply to message #689354] |
Wed, 29 November 2023 05:02  |
Frank Naude
Messages: 4581
Registered: April 1998
|
Senior Member |
|
|
I have no experience with it, but if looks like you will have to enable the SELinux Module for OracleASM. Also, ensure you don't start ASM with the older /etc/init.d/oracleasm interface.
PS: Interesting to note that SELinux is disabled on ExaCC nodes.
|
|
|
|
| Re: Oracle database and SELinux [message #689366 is a reply to message #689361] |
Wed, 29 November 2023 10:02 |
John Watson
Messages: 8961
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
Thankyou for replying. I'm working on OCI DB System nodes, and the way they configure ASM with udev I think looks OK.
However, I do find this worrying: no SELinux on a DB System, and not on ExaCC either! Does Uncle Oracle really not want us to use it? I guess I try it in permissive mode first.
Also, on a DB System the firewalld is not merely disabled by systemctl, it is masked. I raised a TAR about that, and the response was just instructions on how to unmask it. Which didn't answer my question of whether starting the firewalld will break anything.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
