On Feb 2, 2011, at 00:34 , Don Krause wrote: > Is selinux on a default install of SL6 Beta 1 supposed to prevent ypbind from working? Probably: # getsebool -a |grep yp allow_ypbind --> off Does "setsebool -P allow_ypbind on" make it work? - Stephan > I'm getting this error in the audit.log > > type=USER_AVC msg=audit(1296601650.114:34350): user pid=2262 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=4805 tpid=3995 scontext=unconfined_u:system_r:ypbind_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus : exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' > > When run through audit2allow, umm... damn, not found.. Hmm... Yeah, policycoreutils is installed.. wtf? > > <begin rant> > audit2allow was moved from policycoreutils to policycoreutils-python. Has it become a game at TUV to see how many separate packages can be built from one src.rpm? > <end rant> > > Sorry, distracted for a moment.. > > Anyway, after installing pcu-python for audit2allow, I get: > > module ypbind 1.0; > > require { > type unconfined_t; > type ypbind_t; > class dbus send_msg; > } > > #============= ypbind_t ============== > allow ypbind_t unconfined_t:dbus send_msg; > > > which looks reasonable, but I'm not an selinux guru. -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany