Bug 364931 - logins with NIS are denied
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: powerpc Linux
Priority: low
Severity: low
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2007-11-02 20:46 EDT by Chris Lumens
Modified: 2007-11-30 17:12 EST
Last Closed: 2007-11-10 08:10:05 EST
Description Chris Lumens 2007-11-02 20:46:53 EDT
With selinux-policy-targeted-3.0.8-42.fc8.noarch running, I am unable to log in
either at the console or via gdm if I am using NIS and in enforcing mode.  The
following policy blob adapted from the similar dovecot bug fixes this:

module nis 1.0;

require {
        type system_chkpwd_t;
        type hi_reserved_port_t;
        type updpwd_t;
        class capability net_bind_service;
        class tcp_socket { name_bind name_connect };
        class udp_socket name_bind;
}

allow system_chkpwd_t hi_reserved_port_t:tcp_socket { name_bind name_connect };
allow system_chkpwd_t hi_reserved_port_t:udp_socket name_bind;
allow system_chkpwd_t self:capability net_bind_service;

allow updpwd_t hi_reserved_port_t:udp_socket name_bind;
allow updpwd_t self:capability net_bind_service;
Comment 1 Daniel Walsh 2007-11-05 10:49:33 EST
Do you have the allow_ypbind boolean turned on?

setsebool -P allow_ypbind=1
Comment 2 Chris Lumens 2007-11-05 10:58:42 EST
chris@monolith:~$ /usr/sbin/getsebool allow_ypbind
allow_ypbind --> on

Perhaps it wasn't set before I started messing around with new policy, though. 
I would need to bring up another machine and see if it works or not to be sure.
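
Added example (not code from this report or from the selinux-policy project): the allow rules in the description have the shape that AVC denial records produce when grouped by source type, target type and class, so this sketch does that grouping to show which denials a local module like the one above would be silencing. The audit lines are constructed; their pids, ports, timestamps and command names are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration; not taken from the bug report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1194050000.101:41): avc:  denied  { name_bind } for  pid=2301 comm="unix_chkpwd" src=1011 scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1194050000.102:42): avc:  denied  { name_connect } for  pid=2301 comm="unix_chkpwd" dest=1011 scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1194050000.103:43): avc:  denied  { name_bind } for  pid=2301 comm="unix_chkpwd" src=1012 scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1194050000.104:44): avc:  denied  { net_bind_service } for  pid=2301 comm="unix_chkpwd" capability=10 scontext=system_u:system_r:system_chkpwd_t:s0 tcontext=system_u:system_r:system_chkpwd_t:s0 tclass=capability
type=SYSCALL msg=audit(1194050000.104:44): arch=14 syscall=102 success=no exit=-13 pid=2301 comm="unix_chkpwd"
type=AVC msg=audit(1194050001.201:45): avc:  denied  { name_bind } for  pid=2310 comm="unix_update" src=1013 scontext=system_u:system_r:updpwd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1194050001.202:46): avc:  denied  { net_bind_service } for  pid=2310 comm="unix_update" capability=10 scontext=system_u:system_r:updpwd_t:s0 tcontext=system_u:system_r:updpwd_t:s0 tclass=capability
"""

# Permissions, source context, target context and object class of one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+).*?tcontext=(\S+).*?tclass=(\w+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_to_allow_rules(log_text):
    """Group AVC denials by (source, target, class) and render allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # SYSCALL and other record types carry no permission set
        perms, scontext, tcontext, tclass = match.groups()
        source, target = selinux_type(scontext), selinux_type(tcontext)
        if target == source:
            target = "self"  # policy-language shorthand for the domain itself
        grouped[(source, target, tclass)].update(perms.split())
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {text};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_allow_rules(SAMPLE_AUDIT_LOG)))
```

Every rule it prints for `hi_reserved_port_t` or `net_bind_service` is a grant to a password-checking domain, which is why the state of `allow_ypbind` is worth confirming before a module like this is loaded.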
