DB2 systemd startup

Question

I have a DB2 systemd startup unit that is being denied by SELinux. Here is the unit:

[Unit] Description=IBM DB2 After=network.service

[Service] Type=forking EnvironmentFile=/user/home/dvdxadm1/sqllib/db2profile ExecStart=/user/home/dvdxadm1/sqllib/adm/db2start ExecStop=/user/home/dvdxadm1/sqllib/adm/db2stop force User=dvdxadm1 Group=db2iadm1 Restart=always KillMode=process KillSignal=SIGHUP

[Install] WantedBy=multi-user.target

This fails with several AVC denials, and I have tried several "audit2allow" statements in an attempt to alleviate. Does anyone have a straightforward way to get DB2 working under SELinux without turning it permissive?

score 0 · Answer 1 · answered Oct 07 '22 at 01:57

0

I fixed this by modifying the unit to run after systemd-logind and then ran audit2allow -a -M db2.pp

semodule -i db2.pp

This fixed it.

answered Oct 07 '22 at 01:57

Kevin Huntly

18
1

DB2 systemd startup

1 Answers1