With selinux-policy-targeted-3.0.8-42.fc8.noarch running, I am unable to login either at the console or via gdm if I am using NIS and in enforcing mode. The following policy blob adapted from the similar dovecot bug fixes this: module nis 1.0; require { type system_chkpwd_t; type hi_reserved_port_t; type updpwd_t; class capability net_bind_service; class tcp_socket { name_bind name_connect }; class udp_socket name_bind; } allow system_chkpwd_t hi_reserved_port_t:tcp_socket { name_bind name_connect }; allow system_chkpwd_t hi_reserved_port_t:udp_socket name_bind; allow system_chkpwd_t self:capability net_bind_service; allow updpwd_t hi_reserved_port_t:udp_socket name_bind; allow updpwd_t self:capability net_bind_service;
Do you have the allow_ypbind boolean turned on ? setsebool -P allow_ypbind=1
chris@monolith:~$ /usr/sbin/getsebool allow_ypbind allow_ypbind --> on Perhaps it wasn't set before I started messing around with new policy, though. I would need to bring up another machine and see if it works or not to be sure.