Bug 192555

Summary: SELinux/nss_ldap tracking bug
Product: [Fedora] Fedora
Reporter: Ian Pilcher <arequipeno>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 5
CC: mail
Target Milestone: ---
Keywords: SELinux, Tracking
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-03-28 20:03:08 UTC
Bug Depends On: 192556, 192566, 192567, 195977    
Bug Blocks:    

Description Ian Pilcher 2006-05-20 16:02:57 UTC
Description of problem:

When nss_ldap is enabled, a number of daemons try to contact the LDAP server
for user information.  In many cases this is not allowed by the SELinux
policy.  The consequences of the denial vary from unnecessary audit messages
to an unbootable system.


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.40-1.fc5


How reproducible:

100%


Steps to Reproduce:

1.  Enable nss_ldap and the SELinux targeted policy

 
Actual results:

Daemons generate AVC denial messages or fail to start.


Expected results:

All daemons should start successfully.


Additional info:

Comment 1 Daniel Walsh 2006-07-17 19:23:47 UTC
fixed in selinux-policy-targeted-2.3.2-1.fc5

Comment 2 Daniel Walsh 2007-03-28 20:03:08 UTC
Closing bugs