Red Hat Bugzilla – Bug 741646
RFE: authconfig should turn on allow_ypbind SELinux boolean
Last modified: 2012-07-27 07:33:42 EDT
Description of problem:
At the present time ypbind init script (or systemd unit file in F16+) turns on allow_ypbind SELinux boolean before starting the ypbind binary. So, this variable is changed every-time when ypbind is started.
It seems to be more correct if this variable is turned on only once -- by authconfig during configuring NIS or by user explicitly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. su -c 'authconfig-tui'
2. set NIS client
3. allow_ypbind should be turned on before starting ypbind client
allow_ypbind is not changed
allow_ypbind is turned on
What if the user starts the ypbind manually without using authconfig?
Why not first test the boolean and then enable it if it is not yet enabled if you do not want to enable it multiple times unnecessarily?
(In reply to comment #1)
> What if the user starts the ypbind manually without using authconfig?
Then the user also have to configure it manually (which means edit configure files and turning the boolean on permanently).
> Why not first test the boolean and then enable it if it is not yet enabled if
> you do not want to enable it multiple times unnecessarily?
Well, I don't see any difference between this solution and the present one, while allow_ypbind is turned on after this no matter what was its value before. Or do I miss something?
If the user starts the daemon he probably wants to have the selinux boolean enabled. What would be the sense in starting the daemon then?
It seems this is only my feeling that enabling selinux boolean is a configuration step and as such it should be done during configuring the service.
But I don't have any strong argument for that and have no problem if turning on stays in systemd unit file.