SELinux problem with Oracle 11g

09 November 2010 by martin

I have just done a fresh install of Oracle 11g R2 on a Linux VM running on my little server.  Install was a breeze, it even auto generated a script to set all the necessary operating system parameters. However, after the installation I could not get SQL*Plus to start due to a SELinux problem.

This is the error I received when trying to start SQL*Plus:
$ sqlplus / as sysdba
sqlplus: error while loading shared libraries: /oracle/product/11.2.0/dbhome/lib/libclntsh.so.11.1:cannot restore segment prot after reloc: Permission denied

Solution A

After a bit of Googling I found two solutions. The first was :

(run as root)
# /usr/sbin/getenforce
Enforcing
# /usr/sbin/setenforce 0
# /usr/sbin/getenforce
Permissive
Only problem with this method was that once the machine was rebooted, the settings were lost as SQL*Plus produced the same error.

Solution B

A bit more Googling gave me this alternative solution:

Open two terminal windows, run one as root and one as oracle.

(as root)
# tail -f /var/log/audit/audit.log | tee oracle.log

(as oracle)
$ sqlplus / as sysdba
sqlplus: error while loading shared libraries: /oracle/product/11.2.0/dbhome/lib/libclntsh.so.11.1: cannot restore segment prot after reloc: Permission denied
(as root)

crtl-c (to abort the tail)
#audit2allow -M oracle < oracle.log
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i oracle.pp
# /usr/sbin/semodule -i oracle.pp

(as oracle),p>
$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Mon Nov 8 18:05:32 2010
Copyright (c) 1982, 2009, Oracle.  All rights reserved.
Connected to an idle instance.
SQL>

Afterwards I shut everything down and rebooted. This time it all worked without further problems.