Description of problem: When nss_ldap is enabled, a number of daemons try to contact the LDAP server for user information. In many cases this is not allowed by the SELinux policy. The consequences of the denial vary from unneccessary audit messages to an unbootable system. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.40-1.fc5 How reproducible: 100% Steps to Reproduce: 1. Enable nss_ldap and the SELinux targeted policy Actual results: Daemons generate AVC denial messages or fail to start. Expected results: All daemons should start successfully. Additional info:
fixed in selinux-policy-targeted-2.3.2-1.fc5
Closing bugs