On Feb 2, 2011, at 00:34 , Don Krause wrote:
> Is selinux on a default install of SL6 Beta 1 supposed to prevent ypbind from
> working?
Probably:
# getsebool -a |grep yp
allow_ypbind --> off
Does "setsebool -P allow_ypbind on" make it work?
- Stephan
> I'm getting this error in the audit.log
>
> type=USER_AVC msg=audit(1296601650.114:34350): user pid=2262 uid=81
> auid=4294967295 ses=4294967295
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied {
> send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
> member=state dest=org.freedesktop.NetworkManager spid=4805 tpid=3995
> scontext=unconfined_u:system_r:ypbind_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus :
> exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
>
> When run through audit2allow, umm... damn, not found.. Hmm... Yeah,
> policycoreutils is installed.. wtf?
>
> <begin rant>
> audit2allow was moved from policycoreutils to policycoreutils-python. Has it
> become a game at TUV to see how many separate packages can be built from one
> src.rpm?
> <end rant>
>
> Sorry, distracted for a moment..
>
> Anyway, after installing pcu-python for audit2allow, I get:
>
> module ypbind 1.0;
>
> require {
> type unconfined_t;
> type ypbind_t;
> class dbus send_msg;
> }
>
> #============= ypbind_t ==============
> allow ypbind_t unconfined_t:dbus send_msg;
>
>
> which looks reasonable, but I'm not an selinux guru.
--
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany
