This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 741646 - RFE: authconfig should turn on allow_ypbind SELinux boolean
RFE: authconfig should turn on allow_ypbind SELinux boolean
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: authconfig (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-27 09:59 EDT by Honza Horak
Modified: 2012-07-27 07:33 EDT (History)
1 user (show)

See Also:
Fixed In Version: authconfig-6.2.3-1.fc18
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-11-08 06:46:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Honza Horak 2011-09-27 09:59:33 EDT
Description of problem:
At the present time ypbind init script (or systemd unit file in F16+) turns on allow_ypbind SELinux boolean before starting the ypbind binary. So, this variable is changed every-time when ypbind is started.

It seems to be more correct if this variable is turned on only once -- by authconfig during configuring NIS or by user explicitly. 

Version-Release number of selected component (if applicable):
authconfig-6.1.16-1

Steps to Reproduce:
1. su -c 'authconfig-tui'
2. set NIS client
3. allow_ypbind should be turned on before starting ypbind client
  
Actual results:
allow_ypbind is not changed

Expected results:
allow_ypbind is turned on
Comment 1 Tomas Mraz 2011-09-27 10:10:02 EDT
What if the user starts the ypbind manually without using authconfig?
Why not first test the boolean and then enable it if it is not yet enabled if you do not want to enable it multiple times unnecessarily?
Comment 2 Honza Horak 2011-09-27 10:28:00 EDT
(In reply to comment #1)
> What if the user starts the ypbind manually without using authconfig?

Then the user also have to configure it manually (which means edit configure files and turning the boolean on permanently).

> Why not first test the boolean and then enable it if it is not yet enabled if
> you do not want to enable it multiple times unnecessarily?

Well, I don't see any difference between this solution and the present one, while allow_ypbind is turned on after this no matter what was its value before. Or do I miss something?
Comment 3 Tomas Mraz 2011-09-27 10:40:20 EDT
If the user starts the daemon he probably wants to have the selinux boolean enabled. What would be the sense in starting the daemon then?
Comment 4 Honza Horak 2011-09-29 07:30:46 EDT
It seems this is only my feeling that enabling selinux boolean is a configuration step and as such it should be done during configuring the service. 

But I don't have any strong argument for that and have no problem if turning on stays in systemd unit file.

Note You need to log in before you can comment on or make changes to this bug.