On Thu, 2006-03-30 at 13:42 -0600, Jason L Tibbitts III wrote: > I've noticed that the behavior of my FC5 system differs dramatically > depending on whether nscd is running. User info is stored in LDAP, > and if nscd is running then applications talk to it. But if it's not > running then the applications (or libc, at least) talk to the network > themselves. This gets denied by selinux and things break. Most > notably, the system won't even boot, because dbus just hangs forever > spewing AVC messages to the console. > > So I wonder if the intention is to make nscd mandatory, or if failures > due to a lack of nscd are considered problematic. I have nothing > against nscd, but I don't generally turn it on until after the system > boots and has time to pull down configuration information so that > encrypted ldap works. Obviously I'll be reworking my installation > scripts to work around this. Does 'setsebool -P allow_ypbind=1' help? Same issue applies for NIS (w/o nscd), and that boolean is intended to allow necessary network access. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
