Red Hat Bugzilla – Bug 503595
selinux denies read access to nsswitch.conf for ypbind
Last modified: 2009-06-02 16:55:03 EDT
nsswitch.conf is mislabeled. Run restorecon on it to fix its context.
If this file is created in an init script the initscript needs to make sure the file is labeled correctly just like it would need to make sure it has the right ownership and permissions.
So if this is a test, it is a test bug; if it is a shipping initscript, then the initscript needs to be fixed.
But this is not an SELinux bug.
*** Bug 503596 has been marked as a duplicate of this bug. ***
I don't doubt that you are right, but I do have one further question. The script does the following:
cp -f /etc/nsswitch.conf /etc/nsswitch.conf.orig
cp -f /testdir/nsswitch.conf /etc/nsswitch.conf
Can you just confirm that this sequence of commands is supposed to change the label of /etc/nsswitch.conf?
If /etc/nsswitch.conf exists, it should stay the same label as it was originally labeled.
So if it is labeled etc_t at the beginning, it should stay etc_t.
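Added example, not part of the bug report or of any Red Hat script: a shell sketch of why the cp sequence quoted above keeps the existing label, and where restorecon is still needed. The function names replace_conf, relabel and inode_of are hypothetical, and the rename mode is included for contrast.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the bug report.
# The SELinux label is stored in the security.selinux xattr on the inode, so
# what matters is whether the replacement reuses the destination's inode.

inode_of() { ls -di -- "$1" | awk '{print $1}'; }

# relabel FILE: reset FILE to the policy default context on SELinux hosts;
# a no-op where the SELinux tools are missing or SELinux is disabled.
relabel() {
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        restorecon -v "$1" >&2 || true
    fi
}

# replace_conf MODE SRC DST
#   copy   : cp -f over DST, as in the script quoted above
#   rename : write a temp file beside DST, then mv it into place
# Prints "same-inode" or "new-inode" for DST.
replace_conf() {
    mode=$1 src=$2 dst=$3 before=""
    [ -e "$dst" ] && before=$(inode_of "$dst")
    case $mode in
        copy)   cp -f -- "$src" "$dst" || return 1 ;;
        rename) cp -- "$src" "$dst.new.$$" &&
                mv -f -- "$dst.new.$$" "$dst" || return 1 ;;
        *)      echo "usage: replace_conf copy|rename SRC DST" >&2; return 2 ;;
    esac
    relabel "$dst"
    if [ -n "$before" ] && [ "$before" = "$(inode_of "$dst")" ]; then
        echo same-inode   # existing label travelled with the inode
    else
        echo new-inode    # label was set at file creation; relabel() matters here
    fi
}
```

A destination that did not exist beforehand, or one replaced by rename, reports new-inode; those are the cases where the restorecon step decides the final label.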