Oracle Linux: Disabling Prelink On Oracle Linux and Interoperability with Ksplice and FIPS Mode
(Doc ID 2658080.1)
Last updated on OCTOBER 20, 2022
Applies to:
Linux OS - Version Oracle Linux 6.10 and laterLinux x86-64
Goal
- What is Prelink. Reading the Man Pages:
Prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that the time needed for the dynamic linker to perform relocations at startup significantly decreases. Due to fewer relocations, the run-time memory consumption decreases as well (especially the number of unshareable pages). The prelinking information is only used at startup time if none of the dependent libraries have changed since prelinking; otherwise programs are relocated normally.
Prelink first collects ELF binaries to be prelinked and all the ELF shared libraries they depend on. Then it assigns a unique virtual address space slot to each library and relinks the shared library to that base address. When the dynamic linker attempts to load such a library, unless that virtual address space slot is already occupied, it maps the library into the given slot. After this is done, prelink, with the help of dynamic linker, resolves all relocations in the binary or library against its dependent libraries and stores the relocations into the ELF object. It also stores a list of all dependent libraries together with their checksums into the binary or library. For binaries, it also computes a list of conflicts (relocations that resolve differently in the binary's symbol search scope than in the smaller search scope in which the dependent library was resolved) and stores it into a special ELF section.
At runtime, the dynamic linker first checks whether all dependent libraries were successfully mapped into their designated address space slots, and whether they have not changed since the prelinking was done. If all checks are successful, the dynamic linker just replays the list of conflicts (which is usually significantly shorter than total number of relocations) instead of relocating each library.
- Question 1. Disable Prelink will cause any issue to the operating system ?; Is it a good practice?.
It depends of application needs; But disable prelink is a good practice, It doesn't cause problems and doesn't have any useful performance benefit any more. Prelink has gone completely from OL8.
- Question 2. Is Prelink supported on OL7?
It is supported on OL7, or at least it's in ol7_latest which strongly suggests it's supported, but it's still a good idea to remove it.
- Question 3. Is supported Prelink with FIPS MODE OR Ksplice?
You need to disable prelink if you're going to use fips mode.
Not having prelink has no detrimental effect which is why it has been disabled by default in OL7/RHEL7 for the last six or so years and why it's not in RHEL8/OL8 at all.
References for your customer regarding the conflict with userspace Ksplice and prelink:
- https://blogs.oracle.com/linux/post/monday-spotlight-patching-user-space-with-oracle-ksplice
- https://docs.oracle.com/en/operating-systems/oracle-linux/ksplice-user/section-x3k_szq_jt.html
- https://docs.oracle.com/en/operating-systems/oracle-linux/6/relnotes6.6/section_xvh_lhx_jp.html
- https://docs.oracle.com/en/operating-systems/oracle-linux/7/security/ol7-fips-enable.htm
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| References |