Red Hat Bugzilla – Bug 217640
nscd cannot access avahi socket
Last modified: 2007-11-30 17:11:50 EST
Description of problem:
When the avahi nss module (not part of core) is used nscd must access
which has the context
This socket is created by avahi-dnsconfd which *IS* part of core. So, please
allow access. This extension probably has to be added to the same place which
allows access to NIS sockets since all programs with their own domain need this
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.install nss-mdns (from arprms)
2.add mdns to the hosts entry in /etc/nsswitch.conf
4.clean nscd cache (/usr/sbin/nscd -i hosts)
failed to lookup
Added to auth_use_nsswitch() Which most domains use.
Fixed in selinux-policy-2.4.6-1
Some more changes are neded. The code also needs
allow nscd_t avahi_var_run_t:dir_search
(well, the generic non-nscd specific form).
That is in the 2.4.6-1 policy.
I have the 2.4.6-1 policy installed, even relabeled everything, and still get
this message from nscd. Are you sure you added search permission to the
directory and not only access to the socket?
I looked at the 2.4.6-1.fc6 sources and the changes are there. But despite
having the policy loaded and rebooting and relabeling I continue to get the message.
Is for some reason the avahi part not included in your policy? I don't know
exactly how the 'optional_policy' macro works.
Fixed in selinux-policy-2.4.6-4
Seems to be fixed.