Bug 188572

Summary: ypbind fails to start due to selinux policy problems
Product: [Fedora] Fedora Reporter: bob mckay <urilabob>
Component: ypbindAssignee: Steve Dickson <steved>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-28 20:06:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
audit2why output
none
Audit log over a full ypbind start - restart service tool - ypbind stop cycle none

Description bob mckay 2006-04-11 11:59:58 UTC
Description of problem: ypbind will not start in my installation, apparently due
to selinux policy problems. To the best of my knowledge, I have not altered
selinux policy from the default.


Version-Release number of selected component (if applicable):
ypbind (ypbind-mt) 1.19

How reproducible:
100% on my installation - cannot get ypbind to start properly


Steps to Reproduce:
1.use selinux security configuration tool to disable selinux protection for
ypbind daemon
2.use service configuration tool to start ypbind
3.
  
Actual results:
service configuration tool starts spinning its wheel, and continues to do so
forever. Meanwhile, any concurrently open browsers lose their connections (that
is, http get's fail thereafter). On quitting service configuration tool and
restarting it, it reports ypbind as running. Stopping ypbind frees up any
currently frozen browser connections. It sometimes takes two attempts to
actually stop ypbind.

Expected results: Starting ypbind works, and doesn't cause browsers to freeze

Additional info:
To be honest, I'm not certain this is a bug, but I can't see what I can be doing
wrong. I've turned on auditing, and am attaching a fragment of the audit log for
a complete start ypbind - abort service configuration tool - stop ypbind cycle. 
Also the output from audit2why. Audit2allow shows missing rules as the
underlying cause:

allow hostname_t security_t:dir search;
allow hostname_t selinux_config_t:dir search;
allow hostname_t unconfined_t:fifo_file write;
allow hostname_t user_home_t:file read;

Comment 1 bob mckay 2006-04-11 11:59:58 UTC
Created attachment 127608 [details]
audit2why output

Comment 2 bob mckay 2006-04-11 12:01:54 UTC
Created attachment 127609 [details]
Audit log over a full ypbind start - restart service tool - ypbind stop cycle

Comment 3 bob mckay 2006-04-12 07:48:49 UTC
*** Bug 188571 has been marked as a duplicate of this bug. ***

Comment 5 Daniel Walsh 2006-06-15 12:48:52 UTC
Fixed in  2.2.43-4.fc5

Comment 6 Daniel Walsh 2007-03-28 20:06:16 UTC
Closing bugs