Description of problem:
The selinux bool allow_ypbind is getting turned off during a reboot.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. setsebool -P allow_ypbind on
2. reboot or init 6
3. getsebool allow_ypbind
systemd does not do that.
ypbind.service fiddles with it. Reassigning.
ypbind-1.33-7.fc16 has been submitted as an update for Fedora 16.
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ypbind-1.33-7.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
I think we should just remove this functionality.
This never worked that well in the init script, users should just turn on the boolean or move to sssd for resolution which is the real secure way to do this.
(In reply to comment #4)
> I think we should just remove this functionality.
> This never worked that well in the init script, users should just turn on the
> boolean or move to sssd for resolution which is the real secure way to do this.
Oh, I haven't leave a comment here, but turning off allow_ypbind is now removed at all, since it isn't used in F15 or F14.
OTOH, turning on allow_ypbind is still used, in the same way as in F15 and F14. Do you think this should be removed too?
Personally, I think many users would be confused if we do that, since authconfig doesn't turn the boolean on (and is probably widely used to configure NIS) and IMHO shouldn't do that.
The problem with turning this boolean on in the ypbind init script or systemctl is that it is too late. authconfig is where it should be turned on.
(In reply to comment #6)
> The problem with turning this boolean on in the ypbind init script or systemctl
> is that it is too late. authconfig is where it should be turned on.
Sounds reasonable. I've reported this RFE as a bug #741646 and will let this bug closed.
ypbind-1.33-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.