Bug 192555 - SELinux/nss_ldap tracking bug
Summary: SELinux/nss_ldap tracking bug
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On: 192556 192566 192567 195977
Blocks:
 
Reported: 2006-05-20 16:02 UTC by Ian Pilcher
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-28 20:03:08 UTC
Type: ---
Embargoed:



Description Ian Pilcher 2006-05-20 16:02:57 UTC
Description of problem:

When nss_ldap is enabled, a number of daemons try to contact the LDAP server
for user information.  In many cases this is not allowed by the SELinux
policy.  The consequences of the denial vary from unnecessary audit messages
to an unbootable system.


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.40-1.fc5


How reproducible:

100%


Steps to Reproduce:

1.  Enable nss_ldap and the SELinux targeted policy

 
Actual results:

Daemons generate AVC denial messages or fail to start.


Expected results:

All daemons should start successfully.


Additional info:

Comment 1 Daniel Walsh 2006-07-17 19:23:47 UTC
fixed in selinux-policy-targeted-2.3.2-1.fc5

Comment 2 Daniel Walsh 2007-03-28 20:03:08 UTC
Closing bugs


