Forums

Forums for the discussion of JADE technologies and solutions

Skip to content

SELinux and Jade

For questions and postings not covered by the other forums
Post Reply
ConvertFromOldNGs
Posts: 5321
Joined: Wed Aug 05, 2009 5:19 pm

SELinux and Jade

Postby ConvertFromOldNGs » Fri Aug 07, 2009 1:24 pm

by Brendan >> Thu, 11 Dec 2008 13:32:12 GMT

Hi,
I installed Jade 6.2.16 on Linux RHEL5, following the steps in the documentation. However, it failed to register the licence key giving the error "cannot restore segment prot after reloc: Permission denied". Some googling suggested that this is due to SELinux (Security Enhanced Linux) settings and I might try disabling SELinux. I did this and indeed it "fixed" the problem and the system is now working.

However, is this really a viable solution or is it akin to disabling a firewall if that is causing a problem? I know very little about SELinux, but it is enabled by default in RHEL5. If SELinux is disabled, am I no worse off than I was in RHEL3 (with no SELinux) and therefore should I just forget about it and just concentrate on the usual suspects like locking down ip tables etc?

There is nothing in the Jade documentation covering any settings for SELinux when running Jade so I was wondering if anyone else has had similar problems or if the Jade Plant has any view on the recommended way of dealing with this issue.

Any help or comments appreciated.

Thanks in advance,
Brendan
Top
ConvertFromOldNGs
Posts: 5321
Joined: Wed Aug 05, 2009 5:19 pm

Re: SELinux and Jade

Postby ConvertFromOldNGs » Fri Aug 07, 2009 1:24 pm

by Jade Support >> Tue, 16 Dec 2008 23:36:30 GMT

Brendan,

I cannot guarantee this will work, but you could try the following (as root):

chcon -t textrel_shlib_t $JADEHOME/lib/libjomutil.so

If this works, then you should be able to re-enable selinux and have JADE run.

You should also check the selinux/audit log for which shared libraries are having problems. There may be more then just libjomutil.so that needs the chcon command.

Regards,
Jade Support.
Top
ConvertFromOldNGs
Posts: 5321
Joined: Wed Aug 05, 2009 5:19 pm

Re: SELinux and Jade

Postby ConvertFromOldNGs » Fri Aug 07, 2009 1:24 pm

by Brendan >> Thu, 18 Dec 2008 10:03:07 GMT

Hi,
Success! The chcon command seemed to do the trick.

Thanks again,
Brendan
Top
ConvertFromOldNGs
Posts: 5321
Joined: Wed Aug 05, 2009 5:19 pm

Re: SELinux and Jade

Postby ConvertFromOldNGs » Fri Aug 07, 2009 1:25 pm

by Brendan >> Thu, 30 Apr 2009 14:47:46 GMT

Further to this, I found two other SELinux issues with Jade. The first was similar to the original one but for mod_jadehttp on Apache. To avoid it do (as root)

chcon -t textrel_shlib_t /etc/httpd/modules/mod_jadehttp32.so

The second was when mod_jadehttp was attempting to communicate (via tcp/ip) with a Jade webservice application. There is a permission error on the tcp_open. This can be detoured by doing (as root)

setsebool -P httpd_can_network_connect 1

Just to make sure, is this the best way to fix the second issue?

Cheers, Brendan
Top
Post Reply

Return to “General Discussion”

Who is online

Users browsing this forum: No registered users and 34 guests

Powered by phpBB® Forum Software © phpBB Limited