Bug 741141
Summary: | Selinux bool allow_ypbind gets turned off on reboot | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Highley <david.m.highley> |
Component: | ypbind | Assignee: | Honza Horak <hhorak> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | dwalsh, harald, hhorak, johannbg, kay, kklic, lpoetter, metherid, mschmidt, notting, plautrba |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ypbind-1.33-7.fc16 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-10-04 21:13:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Highley
2011-09-26 00:54:24 UTC
systemd does not do that. ypbind.service fiddles with it. Reassigning. ypbind-1.33-7.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/ypbind-1.33-7.fc16 Package ypbind-1.33-7.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ypbind-1.33-7.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/ypbind-1.33-7.fc16 then log in and leave karma (feedback). I think we should just remove this functionality. This never worked that well in the init script, users should just turn on the boolean or move to sssd for resolution which is the real secure way to do this. (In reply to comment #4) > I think we should just remove this functionality. > > This never worked that well in the init script, users should just turn on the > boolean or move to sssd for resolution which is the real secure way to do this. Oh, I haven't leave a comment here, but turning off allow_ypbind is now removed at all, since it isn't used in F15 or F14. OTOH, turning on allow_ypbind is still used, in the same way as in F15 and F14. Do you think this should be removed too? Personally, I think many users would be confused if we do that, since authconfig doesn't turn the boolean on (and is probably widely used to configure NIS) and IMHO shouldn't do that. The problem with turning this boolean on in the ypbind init script or systemctl is that it is too late. authconfig is where it should be turned on. (In reply to comment #6) > The problem with turning this boolean on in the ypbind init script or systemctl > is that it is too late. authconfig is where it should be turned on. Sounds reasonable. I've reported this RFE as a bug #741646 and will let this bug closed. ypbind-1.33-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |