RHEL5 or OEL5: Oracle 10g/11g "error while loading shared libraries" or stalled OUI

March 5, 2009  |  dba, linux, security

A Quick intro… Take a look at the following issues:

Symptom : Oracle Database Configuration Assistant (DBCA) stalled while creating the database
Symptom : Oracle IAS 10G  stalled during software installation with message “Please wait, this will take a moment”
Symptom : error while loading shared libraries: $ORACLE_HOME/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied

If you ever had any of the previous symptons while trying to install Oracle Software,  create a instance / database with DBCA, create a listener or even run sqlplus… then you probably have SELinux mode set to “Enforcing”.

Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.

Under Oracle Enterprise Linux or Redhat Enterprise Linux, if needed we can switch  SELinux from the default “Enforcing” mode that it is running in, to the “Permissive” mode by running following commands as root user:

[root@server~]# getenforce
Enforcing
[root@server~]# setenforce 0
[root@server~]# getenforce
Permissive

The previous commandes changed the default mode to “permissive” and allows SELinux to continue running, and logging denial messages, but will not deny any operations. If you would like to return to Enforcing mode just run as root:

[root@server~]# setenforce 1
[root@server~]# getenforce
Enforcing

Another way to temporarily disable (0) or enable (1) SELinux is to run one of the following commands:

[root@server~]# echo 0 > /selinux/enforce
[root@server~]# echo 1 > /selinux/enforce
The previous commands are immediate, and will remain in effect until the next reboot. If you want to make “Permissive” mode permanent you must add “enforcing=0” to the kernel boot line that usually is at /etc/grub.conf file. For instance:

# grub.conf generated by anaconda
#
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Enterprise Linux (2.6.18-92.el5PAE)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-92.el5PAE ro root=LABEL=/ enforcing=0
        initrd /boot/initrd-2.6.18-92.el5PAE.img
.
.

Instead of editing grub we can configure SELinux by editing the file /etc/selinux/config and choose any of the following modes:

SELINUX=enforcing
or
SELINUX=permissive
or
SELINUX=disabled
After the next reboot the SELinux will comply to the permanent settings that we have choosen above.


1 Comment


  1. hi, thanks for giving this huge information……. i like this article and got some important information…. thnx allot

Leave a Reply