Wednesday, October 29, 2008

SAP and Linux

More and more large enterprises are moving to Linux and other open source software because they are a lot cheaper and are also robust and stable. Linux used to be popular mainly in the field of servers. But today, Linux is ubiquitous, as it has gained support from mainstream giants such as IBM, Sun Microsystems, Dell, Hewlett-Packard and Novell.

SAP and Linux have a particularly tight relationship with the SELinux distro. As a short backgrounder, the SELinux distro was developed by the National Security Agency (NSA). No wonder the SE stands for Security Enhanced. This distro was originally developed as a research prototype of the Linux kernel as well as some utilities for security purposes. Now, the SELinux distro has already been integrated into the mainline Linux 2.6 kernel series.

This blog is meant to focus on the Solution Manager 4.0 SR1 system with MaxDB and how it can be securely deployed with SELinux, whose modules are compiled binaries having many hard-coded directory names. SAP generally is not shipped with any precompiled policy that can be employed by all SAP customers.


Before SAP can be installed on SELinux, the following SELinux rpm packages must already be installed: selinux-policy, selinux-policy-targeted and selinux-policy-devel.

When all the above-mentioned packages are in place, we need to check the contents of /etc/selinux/config and make sure the following two variables are present:

SELINUX=enforcing
SELINUXTYPE=targeted
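
The two prerequisites above (the three policy packages and the two config values) can be verified in one pass before any policy is built. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes an rpm-based system as the post does.

```shell
#!/bin/sh
# Added example: pre-flight check for the prerequisites listed in the post.
# Function names are hypothetical helpers, not SAP or SELinux tooling.

# Print the value assigned to KEY ($1) in FILE ($2). Only uncommented
# "KEY=value" lines starting at column one count. Fails if KEY is missing
# or assigned more than once, because a duplicate is ambiguous.
selinux_setting() {
    awk -F= -v key="$1" '
        $1 == key { n++; val = $2; sub(/[[:space:]]+$/, "", val) }
        END { if (n != 1) exit 1; print val }
    ' "$2"
}

# Succeed only if FILE sets both values the post requires.
check_selinux_config() {
    file=${1:-/etc/selinux/config}
    rc=0
    for want in SELINUX=enforcing SELINUXTYPE=targeted; do
        key=${want%%=*}
        if got=$(selinux_setting "$key" "$file"); then
            [ "$got" = "${want#*=}" ] && continue
            echo "FAIL: $key=$got, expected ${want#*=}" >&2
        else
            echo "FAIL: $key missing or set more than once in $file" >&2
        fi
        rc=1
    done
    return $rc
}

# Succeed only if the three policy packages named in the post are installed.
check_selinux_packages() {
    rc=0
    for pkg in selinux-policy selinux-policy-targeted selinux-policy-devel; do
        rpm -q "$pkg" >/dev/null 2>&1 || { echo "FAIL: $pkg not installed" >&2; rc=1; }
    done
    return $rc
}

# Touch the live system only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    check_selinux_packages && check_selinux_config
fi
```

The config file only sets the mode applied at boot; getenforce reports the mode currently in effect, so a system can show SELINUX=enforcing in the file while running permissive.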

We then need to start to build the new policy with SAP Solution Manager 4.0 SR1 by going to the directory that contains the needed tools: cd /usr/share/selinux/devel

We need to build our policy from scratch, so we call the policygentool script with the policy name and the binary belonging to the policy.

./policygentool sap /sapmnt/LSM/exe/R3trans
[..some information..]
Return to continue

If the module uses pidfiles, what is the pidfile called?

If the module uses logfiles, where are they stored?
>/usr/sap/LSM/DVEBMGS00/work
If the module has var/lib files, where are they stored?

Does the module have a init script? [yN]
y
Does the module use the network? [yN]
y

After the execution, the procedure will have created the following files as the source of the new policy:
# ls -la sap*
-rw-r--r-- 1 root root 265 May 3 17:41 sap.fc
-rw-r--r-- 1 root root 463 May 3 17:41 sap.if
-rw-r--r-- 1 root root 1539 May 3 17:41 sap.te


There are many tutorials you can find on the internet. I think the collaboration between Linux and the open source world and SAP applications in particular, as well as ERP in general, will be a great benefit to the business world, especially for small and medium-sized enterprises. This will mean a big cut in expenses, as Linux is basically free, so the savings can be rolled into other investments. And since open source is a collaboration of thousands of coders around the world, more developments are definitely coming their way.
