Description of problem:
The SELinux policy shipped with U2 prevents nscd from operating properly. Notably, nscd can't read /etc/resolv.conf and therefore can't resolve host names. This could be related to an invalid file context on resolv.conf after it's created/updated by dhclient-scripts.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL4U2
2. Enable nscd (chkconfig nscd on)
3. Reboot

Actual results:
Networking works, but name resolution doesn't, i.e., you can ping by IP but not by name.

Expected results:
Name resolution should work.

Additional info:
The following denials occur during boot:

audit(1129919115.192:2): avc: denied { create } for pid=1791 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1129919122.914:3): avc: denied { read } for pid=1805 comm="nscd" name="resolv.conf" dev=dm-0 ino=7077897 scontext=user_u:system_r:nscd_t tcontext=root:object_r:etc_runtime_t tclass=file

The resolv.conf message appears periodically as processes attempt to look up names.

Running "restorecon /etc/resolv.conf", or disabling enforcing, then restarting networking and nscd will make name resolution work again.

This may be related to bug #170064, but this system is not running NetworkManager.

Installing selinux-policy-targeted-1.17.30-2.117 from ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3 resolves this issue.
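The two denials quoted in the report above can be triaged mechanically. The following is an added example, not part of the original bug report or of any Red Hat tool: it parses AVC denial lines, groups them by source type, target type and object class, and lists denied file objects whose label is worth checking with restorecon. All function names are illustrative.

```python
import re
from collections import defaultdict

# The two denials quoted in the report, copied verbatim.
SAMPLE = (
    'audit(1129919115.192:2): avc: denied { create } for pid=1791 comm="nscd" '
    'scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t '
    'tclass=netlink_audit_socket\n'
    'audit(1129919122.914:3): avc: denied { read } for pid=1805 comm="nscd" '
    'name="resolv.conf" dev=dm-0 ino=7077897 scontext=user_u:system_r:nscd_t '
    'tcontext=root:object_r:etc_runtime_t tclass=file\n'
)

AVC_RE = re.compile(
    r'audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _type(context):
    """The type is the third colon-separated field of an SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group("perms").split()
    rec["timestamp"] = float(m.group("ts"))
    rec["source_type"] = _type(rec["scontext"])
    rec["target_type"] = _type(rec["tcontext"])
    return rec

def summarize(text):
    """Map (source_type, target_type, tclass) -> set of denied permissions."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, text.splitlines())):
        groups[(rec["source_type"], rec["target_type"], rec["tclass"])].update(rec["perms"])
    return dict(groups)

def file_relabel_candidates(text):
    """(name, current type) of denied file objects; compare against restorecon."""
    recs = filter(None, map(parse_avc, text.splitlines()))
    return sorted({(r["name"], r["target_type"]) for r in recs
                   if r["tclass"] == "file" and "name" in r})
```
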
Fixed in selinux-policy-targeted-1.17.30-2.117
Any chance to push it before update 3? Thanks
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0049.html