Subject: | |
From: | |
Reply To: | |
Date: | Sat, 8 Aug 2015 08:36:24 -0500 |
Content-Type: | multipart/alternative |
Parts/Attachments: |
|
|
Working through a SL7 migration.
Right now, I can't get ypbind to start, or rather, it starts in a clunky
way.
Using systemctl,
[root@pilgrim ~]# systemctl enable ypbind
[root@pilgrim ~]# systemctl start ypbind
Job for ypbind.service failed. See 'systemctl status ypbind.service' and
'journalctl -xn' for details.
but, I can get the daemon to start by running the bare command,
[root@pilgrim ~]# /usr/sbin/ypbind
[root@pilgrim ~]# rpcinfo -p localhost | grep ypbind
100007 2 udp 785 ypbind
100007 1 udp 785 ypbind
100007 2 tcp 788 ypbind
100007 1 tcp 788 ypbind
Any ideas? Is this a known bug? The output below makes it seem like this
is a conflict with selinux?
[root@pilgrim ~]# systemctl -l status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain
Binder
Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled)
Active: failed (Result: exit-code) since Sat 2015-08-08 03:33:06 CDT;
42s ago
Process: 17594 ExecStartPost=/usr/libexec/ypbind-post-waitbind
(code=exited, status=1/FAILURE)
Process: 17587 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS
(code=exited, status=0/SUCCESS)
Process: 17585 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1
(code=exited, status=0/SUCCESS)
Process: 17580 ExecStartPre=/usr/libexec/ypbind-pre-setdomain
(code=exited, status=0/SUCCESS)
Main PID: 17587 (code=exited, status=0/SUCCESS)
Status: "Processing requests..."
Aug 08 03:32:19 pilgrim setsebool[17585]: The allow_ypbind policy boolean
was changed to 1 by root
Aug 08 03:32:19 pilgrim ypbind[17587]: cannot create pidfile
/var/run/ypbind.pid
Aug 08 03:32:20 pilgrim python[17592]: SELinux is preventing
/usr/sbin/ypbind from 'read, write' accesses on the file ypbind.pid.
***** Plugin catchall (100.
confidence) suggests **************************
If you believe that ypbind should be
allowed read write access on the ypbind.pid file by default.
Then you should report this as a bug.
You can generate a local policy
module to allow this access.
Do
allow this access for now by
executing:
# grep ypbind
/var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Aug 08 03:33:06 pilgrim ypbind[17587]: cannot unlock pidfile
Aug 08 03:33:06 pilgrim systemd[1]: ypbind.service: control process exited,
code=exited status=1
Aug 08 03:33:06 pilgrim systemd[1]: Failed to start NIS/YP (Network
Information Service) Clients to NIS Domain Binder.
Aug 08 03:33:06 pilgrim systemd[1]: Unit ypbind.service entered failed
state.
--
- - - - - - - - - - - - - - - - - - - - -
Nathan Moore
Mississippi River and 44th Parallel
- - - - - - - - - - - - - - - - - - - - -
|
|
|