On Feb 1, 2011, at 9:32 PM, Stephan Wiesand wrote:

> On Feb 2, 2011, at 00:34 , Don Krause wrote:
>
>> Is selinux on a default install of SL6 Beta 1 supposed to prevent ypbind from working?
>
> Probably:
>
> # getsebool -a |grep yp
> allow_ypbind --> off
>
> Does "setsebool -P allow_ypbind on" make it work?
>
> - Stephan

I'll reinstall another vm and try it. I believe it may not however, as the startup script tries to allow it and fails for some reason.

From /etc/init.d/ypbind:

selinux_on() {
    [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || return
    #echo $"Turning on allow_ypbind SELinux boolean"
    setsebool allow_ypbind=1
}

And:

start() {
...
    echo -n $"Starting NIS service: "
    selinux_on

And this doesn't work. But I'm also seeing other errors in init scripts, particularly autofs that I'm currently troubleshooting.

Thanks!

>
>
>> I'm getting this error in the audit.log
>>
>> type=USER_AVC msg=audit(1296601650.114:34350): user pid=2262 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=state dest=org.freedesktop.NetworkManager spid=4805 tpid=3995 scontext=unconfined_u:system_r:ypbind_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus : exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
>>
>> When run through audit2allow, umm... damn, not found.. Hmm... Yeah, policycoreutils is installed.. wtf?
>>
>> <begin rant>
>> audit2allow was moved from policycoreutils to policycoreutils-python. Has it become a game at TUV to see how many separate packages can be built from one src.rpm?
>> <end rant>
>>
>> Sorry, distracted for a moment..
>>
>> Anyway, after installing pcu-python for audit2allow, I get:
>>
>> module ypbind 1.0;
>>
>> require {
>>     type unconfined_t;
>>     type ypbind_t;
>>     class dbus send_msg;
>> }
>>
>> #============= ypbind_t ==============
>> allow ypbind_t unconfined_t:dbus send_msg;
>>
>>
>> which looks reasonable, but I'm not an selinux guru.

--
Don Krause
Head Systems Geek, Waver of Deceased Chickens.
Optivus Proton Therapy, Inc.
P.O. Box 608
Loma Linda, California 92354
909.799.8327 Tel
909.799.8366 Fax
www.optivus.com
"This message represents the official view of the voices in my head."