Description of problem:
After vanilla install of FC6, chkconfig ypserv on and service ypserv start, ypxfrd is not allowed to work.

Version-Release number of selected component (if applicable):
rselinux-policy-targeted-2.4.6-27.fc6
ypserv-2.19-3

How reproducible:

Steps to Reproduce:
1. domainname something; /usr/lib/yp/ypinit -m
2. service ypserv start
3. dmesg | grep avc

Actual results:

Expected results:

Additional info:
audit(1170530327.976:4): avc: denied { use } for pid=3284 comm="rpc.ypxfrd" name="0" dev=devpts ino=2 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fd
audit(1170530327.976:5): avc: denied { use } for pid=3284 comm="rpc.ypxfrd" name="0" dev=devpts ino=2 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fd
audit(1170530327.976:6): avc: denied { use } for pid=3284 comm="rpc.ypxfrd" name="0" dev=devpts ino=2 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fd
audit(1170530327.979:7): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:8): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:9): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:10): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:11): avc: denied { create } for pid=3288 comm="rpc.ypxfrd" scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:ypxfr_t:s0 tclass=unix_dgram_socket
audit(1170530327.979:12): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="ypserv.conf" dev=dm-0 ino=1116014 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:ypserv_conf_t:s0 tclass=file
audit(1170530327.979:13): avc: denied { create } for pid=3288 comm="rpc.ypxfrd" scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:ypxfr_t:s0 tclass=netlink_route_socket
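Added example, not part of the original report: a small Python parser that collapses AVC records like the ones above into distinct (source type, target type, class, permission) vectors, which shows how few distinct accesses the repeated denials actually represent. The names parse_avc and summarize are hypothetical, and SAMPLE holds seven of the report's records copied verbatim.

```python
import re
from collections import Counter

# Seven records copied verbatim from the report (not the full set of ten).
SAMPLE = '''\
audit(1170530327.976:4): avc: denied { use } for pid=3284 comm="rpc.ypxfrd" name="0" dev=devpts ino=2 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fd
audit(1170530327.976:5): avc: denied { use } for pid=3284 comm="rpc.ypxfrd" name="0" dev=devpts ino=2 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fd
audit(1170530327.979:7): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:8): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="localtime" dev=dm-0 ino=1114162 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file
audit(1170530327.979:11): avc: denied { create } for pid=3288 comm="rpc.ypxfrd" scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:ypxfr_t:s0 tclass=unix_dgram_socket
audit(1170530327.979:12): avc: denied { read } for pid=3288 comm="rpc.ypxfrd" name="ypserv.conf" dev=dm-0 ino=1116014 scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:object_r:ypserv_conf_t:s0 tclass=file
audit(1170530327.979:13): avc: denied { create } for pid=3288 comm="rpc.ypxfrd" scontext=system_u:system_r:ypxfr_t:s0 tcontext=system_u:system_r:ypxfr_t:s0 tclass=netlink_route_socket
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one (stype, ttype, tclass, perm) tuple per denied permission."""
    m = AVC_RE.search(line)
    if not m:
        return []
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    try:
        # An SELinux context is user:role:type[:level]; the type is field 3.
        stype = fields['scontext'].split(':')[2]
        ttype = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return []  # truncated or malformed record
    return [(stype, ttype, tclass, p) for p in m.group('perms').split()]

def summarize(text):
    """Count how many records hit each distinct access vector."""
    counts = Counter()
    for line in text.splitlines():
        counts.update(parse_avc(line))
    return counts

if __name__ == '__main__':
    for (stype, ttype, tclass, perm), n in sorted(summarize(SAMPLE).items()):
        print(f'{n}x {stype} -> {ttype} : {tclass} {{ {perm} }}')
```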
Sorry, this needs service ypxfrd start after service ypserv start too.
Fixed in selinux-policy-2.4.6-36
Fixed in current release