Description of problem: Non a yp-slave server with selinux enabled, each yppush on a remote yp-master triggers this sealert: Apr 2 13:46:47 beck setroubleshoot: SELinux is preventing /usr/lib64/yp/ypxfr from 'read, write' accesses on the file /run/ypserv.pid. For complete SELinux messages. run sealert -l cec6e0ba-8123-4668-81da-3056221d0470 Version-Release number of selected component (if applicable): selinux-policy-3.10.0-80.fc16.noarch How reproducible: Always Steps to Reproduce: 1. Set up a yp-master and yp-slave server 2. On the yp-master, run (cd /var/yp && make) Actual results: SEAlert above being risen on the yp-slave server Expected results: Function, no sealert. Additional info:
Created attachment 574521 [details] sealert -l cec6e0ba-8123-4668-81da-3056221d0470
Looks like ypserv is leaking an open file descriptor to /var/run/ypserv.pid fcntl(fd, F_SETFILE,FD_CLOEXEC) http://danwalsh.livejournal.com/53603.html
(In reply to comment #2) > Looks like ypserv is leaking an open file descriptor to /var/run/ypserv.pid Thanks for the tip. Ralf, can you, please, test the following build, if it fixes the problem? http://koji.fedoraproject.org/koji/taskinfo?taskID=3989154
(In reply to comment #3) > Ralf, can you, please, test the following build, if it fixes the problem? > http://koji.fedoraproject.org/koji/taskinfo?taskID=3989154 AFAICT, after ca. 2 days of using it, it seems to fix this particular issue for me (yppush seems to be working, again).
ypserv-2.27-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/ypserv-2.27-2.fc17
ypserv-2.26-10.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/ypserv-2.26-10.fc16
Package ypserv-2.27-2.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ypserv-2.27-2.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5970/ypserv-2.27-2.fc17 then log in and leave karma (feedback).
ypserv-2.27-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
ypserv-2.26-10.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.