I took the easy way out and disabled selinux.  So far so good with the NIS server, however the client nodes still don't work.  See below

I'm not sure I understand the audit2allow command, 

[root@toulouse ~]# grep ypbind /var/log/audit/audit.log | audit2allow
unable to open (null):  Bad address

[root@toulouse ~]# ls /var/log/audit/
audit.log


On the client node

[root@toulouse ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
[root@toulouse ~]# systemctl enable ypbind
[root@toulouse ~]# systemctl start ypbind
Job for ypbind.service failed. See 'systemctl status ypbind.service' and 'journalctl -xn' for details.

[root@toulouse ~]# systemctl -l status ypbind.service
ypbind.service - NIS/YP (Network Information Service) Clients to NIS Domain Binder
   Loaded: loaded (/usr/lib/systemd/system/ypbind.service; enabled)
   Active: failed (Result: exit-code) since Sat 2015-08-08 12:25:54 CDT; 1min 23s ago
  Process: 4531 ExecStartPost=/usr/libexec/ypbind-post-waitbind (code=exited, status=1/FAILURE)
  Process: 4527 ExecStart=/usr/sbin/ypbind -n $OTHER_YPBIND_OPTS (code=exited, status=0/SUCCESS)
  Process: 4524 ExecStartPre=/usr/sbin/setsebool allow_ypbind=1 (code=exited, status=1/FAILURE)
  Process: 4519 ExecStartPre=/usr/libexec/ypbind-pre-setdomain (code=exited, status=0/SUCCESS)
 Main PID: 4527 (code=exited, status=0/SUCCESS)
   Status: "Processing requests..."

Aug 08 12:25:09 toulouse setsebool[4524]: setsebool:  SELinux is disabled.
Aug 08 12:25:54 toulouse systemd[1]: ypbind.service: control process exited, code=exited status=1
Aug 08 12:25:54 toulouse systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Aug 08 12:25:54 toulouse systemd[1]: Unit ypbind.service entered failed state.

[root@toulouse ~]# journalctl -xn
-- Logs begin at Sat 2015-08-08 10:58:14 CDT, end at Sat 2015-08-08 12:25:54 CDT. --
Aug 08 12:25:09 toulouse systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
-- Subject: Unit ypbind.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ypbind.service has begun starting up.
Aug 08 12:25:09 toulouse setsebool[4524]: setsebool:  SELinux is disabled.
Aug 08 12:25:09 toulouse ypbind[4532]: Binding NIS service
Aug 08 12:25:54 toulouse ypbind[4615]: Binding took 45 seconds
Aug 08 12:25:54 toulouse ypbind[4617]: NIS server for domain natural_philosophy is not responding.
Aug 08 12:25:54 toulouse ypbind[4618]: Killing ypbind with PID 4527.
Aug 08 12:25:54 toulouse ypbind[4619]: Try increase NISTIMEOUT in /etc/sysconfig/ypbind
Aug 08 12:25:54 toulouse systemd[1]: ypbind.service: control process exited, code=exited status=1
Aug 08 12:25:54 toulouse systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
-- Subject: Unit ypbind.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ypbind.service has failed.
--
-- The result is failed.
Aug 08 12:25:54 toulouse systemd[1]: Unit ypbind.service entered failed state.



On Sat, Aug 8, 2015 at 10:42 AM, Vladimir Mosgalin <[log in to unmask]> wrote:
Hi Nathan Moore!

 On 2015.08.08 at 08:36:24 -0500, Nathan Moore wrote next:

> Working through a SL7 migration.
>
> Right now, I can't get ypbind to start, or rather, it starts in a clunky
> way.
>
> Using systemctl,
> [root@pilgrim ~]# systemctl enable ypbind
> [root@pilgrim ~]# systemctl start ypbind
> Job for ypbind.service failed. See 'systemctl status ypbind.service' and
> 'journalctl -xn' for details.
>
> but, I can get the daemon to start by running the bare command,
> [root@pilgrim ~]# /usr/sbin/ypbind
> [root@pilgrim ~]# rpcinfo -p localhost | grep ypbind
>     100007    2   udp    785  ypbind
>     100007    1   udp    785  ypbind
>     100007    2   tcp    788  ypbind
>     100007    1   tcp    788  ypbind
>
> Any ideas?  Is this a known bug?  The output below makes it seem like this
> is a conflict with selinux?

If nothing else helps, you could always disable selinux protection for
ypbind by doing
semanage permissive -a ypbind_t
(as per "man ypbind_selinux" page). However, before that:


>                                        # grep ypbind
> /var/log/audit/audit.log | audit2allow -M mypol
>                                        # semodule -i mypol.pp
>

Can you please show the output of
grep ypbind /var/log/audit/audit.log | audit2allow
?
Without that (or AVC exception itself) it's impossible to say what
exactly went wrong. audit2allow is in policycoreutils-python package.

--

Vladimir



--
- - - - - - -   - - - - - - -   - - - - - - -
Nathan Moore
Mississippi River and 44th Parallel
- - - - - - -   - - - - - - -   - - - - - - -