Kevin Kempf's Blog

October 10, 2011

Are you really, really, really, really sure?

Filed under: Oracleisms — kkempf @ 1:10 pm
Do you want to proceed? [y|n]
User Responded with: Y

Running prerequisite checks...
Patch 11724936: Optional component(s) missing : [ oracle.rdbms.dv.oc4j, ] , [ oracle.rdbms.dv, ] 

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/u01/apptrain/oracle/traindb/11.1.0')

Is the local system ready for patching? [y|n]
User Responded with: Y

So… how many times does someone say they’re ready to proceed, but their local system is not ready for patching? I’m all about second chances to change your mind. Why not ask another a few more times?

Do you want to proceed? [y|n]
Is the local system ready for patching? [y|n]
Are you really sure you're ready for this patch? [y|n]
Are you really, really sure? [y|n]

To proceed with this patch, please verify the words above

SELinux & RedHat Reboots

Filed under: Uncategorized — kkempf @ 8:15 am

PC Load letter

So I’m working a maintenance window yesterday which required a reboot of a RHEL5 production server which houses 4 non-11i Oracle databases.  It had been nearly a year since the last reboot (!) and I badly needed a kernel update.  After the reboot, I go to start the listener on my Kronos (timekeeping) database, and I get this:

$ lsnrctl start KRONOS 
lsnrctl: error while loading shared libraries: /u01/kronos/kronosdb/11.1.0/lib/ cannot restore segment prot after reloc: Permission denied

I have to confess, I’ve actually hit this before, but it had been a long time (at least a year) and I had to knock the cobwebs free to remember the solution. In short, SELinux doesn’t allow this shared library to be accessed, and this will stop your listener, sqlplus, webcache, or other executable from starting. The quick fix is rather simple: disable SELinux as follows:

# su - 
# getenforce 
# setenforce 0 
# exit 
$ lsnrctl start KRONOS 
LSNRCTL for Linux: Version - Production on 09-OCT-2011 10:23:19 Copyright (c) 1991, 2008, Oracle. All rights reserved. 
Starting /u01/kronos/kronosdb/11.1.0/bin/tnslsnr: please wait... 
The command completed successfully

The better answer?

If you check Doc ID 454196.1, you will see that Oracle has a few solutions for it, as even they recognize that disabling SELinux is bad policy. First, it appears there is a patch for RDBMS (9215184) and that the issue is resolved in For those of us who don’t consider an RDBMS upgrade a solution, apparently Red Hat has a bug filed for this. Interesting, as if you read it, you will see that Oracle built their shared library wrong, and RedHat had to essentially create a new SELinux rule for this in RHEL5.5:

Fixed in selinux-policy-2.4.6-256.el5
I believe this has missed RHEL5.4, so it will be in RHEL5.5

Note that this seems a little suspect, as I checked my release and it would appear to be fine:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)

Blog at