On 8 August 2015 15:36:24 CEST, Nathan Moore <[log in to unmask]> wrote:
>Working through a SL7 migration.
>
>Right now, I can't get ypbind to start, or rather, it starts in a
>clunky
>way.
>
>Using systemctl,
>[root@pilgrim ~]# systemctl enable ypbind
>[root@pilgrim ~]# systemctl start ypbind
>Job for ypbind.service failed. See 'systemctl status ypbind.service'
>and
>'journalctl -xn' for details.
>
>but, I can get the daemon to start by running the bare command,
>[root@pilgrim ~]# /usr/sbin/ypbind
>[root@pilgrim ~]# rpcinfo -p localhost | grep ypbind
>    100007    2   udp    785  ypbind
>    100007    1   udp    785  ypbind
>    100007    2   tcp    788  ypbind
>    100007    1   tcp    788  ypbind
>
>Any ideas?  Is this a known bug?  The output below makes it seem like
>this
>is a conflict with selinux?

IIRC, you just need to flip a NIS/ypbind related SELinux boolean and it should just work.  See the output of 'semanage boolean --list | grep yp' for some clues.

The reason ypbind starts outside of systemctl is that it most likely is then started unconfined, somewhat similar to disabling SELinux on the system.  While running ypbind via systemctl will restrict the powers of ypbind, confining it to a specific NIS related SELinux context.  However, it usually requires more privileges than most non-NIS systems requires, hence the need to flip an SELinux boolean.  The reason this isn't the default these days is probably due to people preferring something more modern than NIS.



--
kind regards,

David Sommerseth