Bug 188572 - ypbind fails to start due to selinux policy problems
Summary: ypbind fails to start due to selinux policy problems
Alias: None
Product: Fedora
Classification: Fedora
Component: ypbind
Version: 5
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Ben Levenson
: 188571 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2006-04-11 11:59 UTC by bob mckay
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2007-03-28 20:06:16 UTC

Attachments (Terms of Use)
audit2why output (12.82 KB, text/plain)
2006-04-11 11:59 UTC, bob mckay
no flags Details
Audit log over a full ypbind start - restart service tool - ypbind stop cycle (17.37 KB, text/plain)
2006-04-11 12:01 UTC, bob mckay
no flags Details

Description bob mckay 2006-04-11 11:59:58 UTC
Description of problem: ypbind will not start in my installation, apparently due
to selinux policy problems. To the best of my knowledge, I have not altered
selinux policy from the default.

Version-Release number of selected component (if applicable):
ypbind (ypbind-mt) 1.19

How reproducible:
100% on my installation - cannot get ypbind to start properly

Steps to Reproduce:
1.use selinux security configuration tool to disable selinux protection for
ypbind daemon
2.use service configuration tool to start ypbind
Actual results:
service configuration tool starts spinning its wheel, and continues to do so
forever. Meanwhile, any concurrently open browsers lose their connections (that
is, http get's fail thereafter). On quitting service configuration tool and
restarting it, it reports ypbind as running. Stopping ypbind frees up any
currently frozen browser connections. It sometimes takes two attempts to
actually stop ypbind.

Expected results: Starting ypbind works, and doesn't cause browsers to freeze

Additional info:
To be honest, I'm not certain this is a bug, but I can't see what I can be doing
wrong. I've turned on auditing, and am attaching a fragment of the audit log for
a complete start ypbind - abort service configuration tool - stop ypbind cycle. 
Also the output from audit2why. Audit2allow shows missing rules as the
underlying cause:

allow hostname_t security_t:dir search;
allow hostname_t selinux_config_t:dir search;
allow hostname_t unconfined_t:fifo_file write;
allow hostname_t user_home_t:file read;

Comment 1 bob mckay 2006-04-11 11:59:58 UTC
Created attachment 127608 [details]
audit2why output

Comment 2 bob mckay 2006-04-11 12:01:54 UTC
Created attachment 127609 [details]
Audit log over a full ypbind start - restart service tool - ypbind stop cycle

Comment 3 bob mckay 2006-04-12 07:48:49 UTC
*** Bug 188571 has been marked as a duplicate of this bug. ***

Comment 5 Daniel Walsh 2006-06-15 12:48:52 UTC
Fixed in  2.2.43-4.fc5

Comment 6 Daniel Walsh 2007-03-28 20:06:16 UTC
Closing bugs

Note You need to log in before you can comment on or make changes to this bug.