LISTSERV - SCIENTIFIC-LINUX-USERS Archives

I took the easy way out and disabled selinux.  So far so good with the NIS
server, however the client nodes still don't work.  See below

I'm not sure I understand the audit2allow command,

[root@toulouse ~]# grep ypbind /var/log/audit/audit.log | audit2allow
unable to open (null):  Bad address

[root@toulouse ~]# ls /var/log/audit/
audit.log


On the client node

[root@toulouse ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
[root@toulouse ~]# systemctl enable ypbind
[root@toulouse ~]# systemctl start ypbind
Job for ypbind.service failed. See 'systemctl status ypbind.service' and
'journalctl -xn' for details.

[root@toulouse ~]# systemctl -l status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain
Binder
   Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled)
   Active: failed (Result: exit-code) since Sat 2015-08-08 12:25:54 CDT;
1min 23s ago
  Process: 4531 ExecStartPost=/usr/libexec/ypbind-post-waitbind
(code=exited, status=1/FAILURE)
  Process: 4527 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS
(code=exited, status=0/SUCCESS)
  Process: 4524 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1
(code=exited, status=1/FAILURE)
  Process: 4519 ExecStartPre=/usr/libexec/ypbind-pre-setdomain
(code=exited, status=0/SUCCESS)
 Main PID: 4527 (code=exited, status=0/SUCCESS)
   Status: "Processing requests..."

Aug 08 12:25:09 toulouse setsebool[4524]: setsebool:  SELinux is disabled.
Aug 08 12:25:54 toulouse systemd[1]: ypbind.service: control process
exited, code=exited status=1
Aug 08 12:25:54 toulouse systemd[1]: Failed to start NIS/YP (Network
Information Service) Clients to NIS Domain Binder.
Aug 08 12:25:54 toulouse systemd[1]: Unit ypbind.service entered failed
state.

[root@toulouse ~]# journalctl -xn
-- Logs begin at Sat 2015-08-08 10:58:14 CDT, end at Sat 2015-08-08
12:25:54 CDT. --
Aug 08 12:25:09 toulouse systemd[1]: Starting NIS/YP (Network Information
Service) Clients to NIS Domain Binder...
-- Subject: Unit ypbind.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ypbind.service has begun starting up.
Aug 08 12:25:09 toulouse setsebool[4524]: setsebool:  SELinux is disabled.
Aug 08 12:25:09 toulouse ypbind[4532]: Binding NIS service
Aug 08 12:25:54 toulouse ypbind[4615]: Binding took 45 seconds
Aug 08 12:25:54 toulouse ypbind[4617]: NIS server for domain
natural_philosophy is not responding.
Aug 08 12:25:54 toulouse ypbind[4618]: Killing ypbind with PID 4527.
Aug 08 12:25:54 toulouse ypbind[4619]: Try increase NISTIMEOUT in
/etc/sysconfig/ypbind
Aug 08 12:25:54 toulouse systemd[1]: ypbind.service: control process
exited, code=exited status=1
Aug 08 12:25:54 toulouse systemd[1]: Failed to start NIS/YP (Network
Information Service) Clients to NIS Domain Binder.
-- Subject: Unit ypbind.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ypbind.service has failed.
--
-- The result is failed.
Aug 08 12:25:54 toulouse systemd[1]: Unit ypbind.service entered failed
state.



On Sat, Aug 8, 2015 at 10:42 AM, Vladimir Mosgalin <[log in to unmask]
> wrote:

> Hi Nathan Moore!
>
>  On 2015.08.08 at 08:36:24 -0500, Nathan Moore wrote next:
>
> > Working through a SL7 migration.
> >
> > Right now, I can't get ypbind to start, or rather, it starts in a clunky
> > way.
> >
> > Using systemctl,
> > [root@pilgrim ~]# systemctl enable ypbind
> > [root@pilgrim ~]# systemctl start ypbind
> > Job for ypbind.service failed. See 'systemctl status ypbind.service' and
> > 'journalctl -xn' for details.
> >
> > but, I can get the daemon to start by running the bare command,
> > [root@pilgrim ~]# /usr/sbin/ypbind
> > [root@pilgrim ~]# rpcinfo -p localhost | grep ypbind
> >     100007    2   udp    785  ypbind
> >     100007    1   udp    785  ypbind
> >     100007    2   tcp    788  ypbind
> >     100007    1   tcp    788  ypbind
> >
> > Any ideas?  Is this a known bug?  The output below makes it seem like
> this
> > is a conflict with selinux?
>
> If nothing else helps, you could always disable selinux protection for
> ypbind by doing
> semanage permissive -a ypbind_t
> (as per "man ypbind_selinux" page). However, before that:
>
>
> >                                        # grep ypbind
> > /var/log/audit/audit.log | audit2allow -M mypol
> >                                        # semodule -i mypol.pp
> >
>
> Can you please show the output of
> grep ypbind /var/log/audit/audit.log | audit2allow
> ?
> Without that (or AVC exception itself) it's impossible to say what
> exactly went wrong. audit2allow is in policycoreutils-python package.
>
> --
>
> Vladimir
>



-- 
- - - - - - -   - - - - - - -   - - - - - - -
Nathan Moore
Mississippi River and 44th Parallel
- - - - - - -   - - - - - - -   - - - - - - -