Description of problem:
After yesterday's named update I've had selinux errors

Version-Release number of selected component (if applicable):
selinux-policy-targeted 2.2.23-15
bind 30:9.3.2-10.FC5

How reproducible:
Not tried, suspect always

Steps to Reproduce:
1. Have yum installed and selinux enabled
2. Update to latest versions
3. Wait
4. Note Selinux errors

Actual results:
audit(1143025106.799:2): avc: denied { search } for pid=3213 comm="perl" name="yp" dev=sda3 ino=12537932 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
audit(1143025106.799:3): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.803:4): avc: denied { name_bind } for pid=3213 comm="perl" src=845 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
audit(1143025106.803:5): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.803:6): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.803:7): avc: denied { name_bind } for pid=3213 comm="perl" src=846 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
audit(1143025106.803:8): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.819:9): avc: denied { search } for pid=3213 comm="perl" name="yp" dev=sda3 ino=12537932 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
audit(1143025106.819:10): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.819:11): avc: denied { name_bind } for pid=3213 comm="perl" src=847 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:dhcpd_port_t:s0 tclass=tcp_socket
audit(1143025106.819:12): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.819:13): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.819:14): avc: denied { name_bind } for pid=3213 comm="perl" src=848 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
audit(1143025106.819:15): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

Expected results:
No selinux errors

Additional info:

setsebool -P allow_ypbind=1

You look like you are running nis?

We are indeed, is it not set by system-config-authentication?
It should have been set by that tool. Testing on my machines shows the boolean gets turned on.
Well the selinux errors seem to have gone away since setting the bool, it's odd that it didn't get set in the first place mind, given system-config-authentication was used to configure yp on this system.
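
An added example, not part of the original report or of any project's code: a small Python triage script that parses AVC denials like those quoted in the report, groups them by source type, permission, target type and class, and flags the NIS pattern that the allow_ypbind boolean resolved in this thread. The function names and the NIS heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: four denials copied from the report above.
SAMPLE = '''\
audit(1143025106.799:2): avc: denied { search } for pid=3213 comm="perl" name="yp" dev=sda3 ino=12537932 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
audit(1143025106.799:3): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
audit(1143025106.803:4): avc: denied { name_bind } for pid=3213 comm="perl" src=845 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
audit(1143025106.803:5): avc: denied { name_connect } for pid=3213 comm="perl" dest=111 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a complete AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record, e.g. a line wrapped by the logger
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; policy rules are written on the type.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(text):
    """Count denials per (source type, permission, target type, class)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec['perms']:
                counts[(rec['stype'], perm, rec['ttype'], rec['tclass'])] += 1
    return counts

def suggest_boolean(counts):
    """Assumed heuristic: var_yp_t lookups plus portmapper connects point at NIS."""
    seen = {(perm, ttype) for (_, perm, ttype, _) in counts}
    if ('search', 'var_yp_t') in seen and ('name_connect', 'portmap_port_t') in seen:
        return 'allow_ypbind'
    return None

if __name__ == '__main__':
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
    print('suggested boolean:', suggest_boolean(summarize(SAMPLE)))
```
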