On Thu, 2006-03-30 at 13:42 -0600, Jason L Tibbitts III wrote:
I've noticed that the behavior of my FC5 system differs
dramatically
depending on whether nscd is running. User info is stored in LDAP,
and if nscd is running then applications talk to it. But if it's not
running then the applications (or libc, at least) talk to the network
themselves. This gets denied by selinux and things break. Most
notably, the system won't even boot, because dbus just hangs forever
spewing AVC messages to the console.
So I wonder if the intention is to make nscd mandatory, or if failures
due to a lack of nscd are considered problematic. I have nothing
against nscd, but I don't generally turn it on until after the system
boots and has time to pull down configuration information so that
encrypted ldap works. Obviously I'll be reworking my installation
scripts to work around this.
Does 'setsebool -P allow_ypbind=1' help? Same issue applies for NIS
(w/o nscd), and that boolean is intended to allow necessary network
access.
--
Stephen Smalley
National Security Agency