Home » Infrastructure » Linux » Oracle database and SELinux (DB19.20 on OL7.9)
Oracle database and SELinux [message #689354] Tue, 28 November 2023 06:43 Go to next message
John Watson
Messages: 8916
Registered: January 2010
Location: Global Village
Senior Member
I need to enable SELinux on some DB Servers. I can't find any mention of this in the installation docs, other than a brief comment regarding ACFS (which I'm not using). Quite a few articles I've read say to set it to PERMISSVE, but that won't be good enough. I have some systems where SELinux was enabled and set to ENFORCING before the Oracle install and they run fine, but I have never enabled SELinux on a DB Server after the database install and create.

Any advice on this? If I just enable it, will everything keep working? I'll be doing a few experiments first, but I really don't know what I need to test.

Thank you for any insight.
Re: Oracle database and SELinux [message #689361 is a reply to message #689354] Wed, 29 November 2023 05:02 Go to previous messageGo to next message
Frank Naude
Messages: 4578
Registered: April 1998
Senior Member
I have no experience with it, but if looks like you will have to enable the SELinux Module for OracleASM. Also, ensure you don't start ASM with the older /etc/init.d/oracleasm interface.

PS: Interesting to note that SELinux is disabled on ExaCC nodes.
Re: Oracle database and SELinux [message #689366 is a reply to message #689361] Wed, 29 November 2023 10:02 Go to previous message
John Watson
Messages: 8916
Registered: January 2010
Location: Global Village
Senior Member
Thankyou for replying. I'm working on OCI DB System nodes, and the way they configure ASM with udev I think looks OK.

However, I do find this worrying: no SELinux on a DB System, and not on ExaCC either! Does Uncle Oracle really not want us to use it? I guess I try it in permissive mode first.

Also, on a DB System the firewalld is not merely disabled by systemctl, it is masked. I raised a TAR about that, and the response was just instructions on how to unmask it. Which didn't answer my question of whether starting the firewalld will break anything.
Previous Topic: Execute package in shell script
Next Topic: bind9 under Linux & Subdomain in BIND9
Goto Forum:
  


Current Time: Sun Feb 25 13:50:49 CST 2024