Bug 1772852
Summary: | AVCs seen when nscd service is enabled | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Renaud Métrich <rmetrich> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | Jan Fiala <jafiala> |
Priority: | medium | ||
Version: | 8.1 | CC: | fadamo, jafiala, lmanasko, lvrabec, mhradile, mmalik, plautrba, rduda, ssekidde, zpytela |
Target Milestone: | rc | Keywords: | AutoVerified, Triaged |
Target Release: | 8.3 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
.NSCD databases can now use different modes
Domains in the `nsswitch_domain` attribute are allowed access to Name Service Cache Daemon (NSCD) services. Each NSCD database is configured in the `nscd.conf` file, and the `shared` property determines whether the database uses Shared memory or Socket mode.
Previously, all NSCD databases had to use the same access mode, depending on the `nscd_use_shm` boolean value. Now, using Unix stream socket is always allowed, and therefore different NSCD databases can use different modes.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 01:55:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1825061 |
Description
Renaud Métrich
2019-11-15 10:25:32 UTC
Any news? Which is the target release now? Thanks My guess is: RHEL-8.3 Target release set to 8.3. Backported to Fedora: commit cafd50640ad014d92e9efdc9aef3dbde638f1816 (HEAD -> rawhide, origin/rawhide, origin/HEAD) Author: Zdenek Pytela <zpytela> Date: Mon May 18 17:36:08 2020 +0200 Allow chronyc_t domain to use nsswitch commit 5ac560626979e00693831bd570c2a4575e50d896 Author: Zdenek Pytela <zpytela> Date: Mon May 18 17:09:37 2020 +0200 Allow nscd_socket_use() for domains in nscd_use() unconditionally The nscd_use() interface is used for nsswitch_domain or particular domains to allow access to nscd services. Each nscd database can be configured by the "shared" property in nscd.conf to use the Shared memory or Socket mode. Previously, either nscd_shm_use() or nscd_socket_use() were used, depending on the value of the nscd_use_shm boolean. Since this commit, nscd_socket_use() is always allowed so that in different nscd databases different modes can be used. *** Bug 1872304 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4528 *** Bug 2063181 has been marked as a duplicate of this bug. *** |