Bug 364931 - logins with NIS are denied
Summary: logins with NIS are denied
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: powerpc
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-03 00:46 UTC by Chris Lumens
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-11-10 13:10:05 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Chris Lumens 2007-11-03 00:46:53 UTC 
With selinux-policy-targeted-3.0.8-42.fc8.noarch running, I am unable to login
either at the console or via gdm if I am using NIS and in enforcing mode.  The
following policy blob adapted from the similar dovecot bug fixes this:

module nis 1.0;

require {
        type system_chkpwd_t;
        type hi_reserved_port_t;
        type updpwd_t;
        class capability net_bind_service;
        class tcp_socket { name_bind name_connect };
        class udp_socket name_bind;
}

allow system_chkpwd_t hi_reserved_port_t:tcp_socket { name_bind name_connect };
allow system_chkpwd_t hi_reserved_port_t:udp_socket name_bind;
allow system_chkpwd_t self:capability net_bind_service;

allow updpwd_t hi_reserved_port_t:udp_socket name_bind;
allow updpwd_t self:capability net_bind_service;
Comment 1 Daniel Walsh 2007-11-05 15:49:33 UTC 
Do you have the allow_ypbind boolean turned on ?

setsebool -P allow_ypbind=1
Comment 2 Chris Lumens 2007-11-05 15:58:42 UTC 
chris@monolith:~$ /usr/sbin/getsebool allow_ypbind
allow_ypbind --> on

Perhaps it wasn't set before I started messing around with new policy, though. 
I would need to bring up another machine and see if it works or not to be sure.
Note You need to log in before you can comment on or make changes to this bug.