Bug 192555 - SELinux/nss_ldap tracking bug
SELinux/nss_ldap tracking bug
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: SELinux, Tracking
Depends On: 192556 192566 192567 195977
  Show dependency treegraph
Reported: 2006-05-20 12:02 EDT by Ian Pilcher
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-28 16:03:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ian Pilcher 2006-05-20 12:02:57 EDT
Description of problem:

When nss_ldap is enabled, a number of daemons try to contact the LDAP server
for user information.  In many cases this is not allowed by the SELinux
policy.  The consequences of the denial vary from unneccessary audit messages
to an unbootable system.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1.  Enable nss_ldap and the SELinux targeted policy

Actual results:

Daemons generate AVC denial messages or fail to start.

Expected results:

All daemons should start successfully.

Additional info:
Comment 1 Daniel Walsh 2006-07-17 15:23:47 EDT
fixed in selinux-policy-targeted-2.3.2-1.fc5
Comment 2 Daniel Walsh 2007-03-28 16:03:08 EDT
Closing bugs

Note You need to log in before you can comment on or make changes to this bug.