nis+ support f nscd in targeted pol: msg#00167
Hi, I am new to SELinux.
I usually extend Red Hat/Fedora Linux with nis-utils-1.4.1
to access the NIS+ environment.
I've just found out that this is not configured in the SELinux
policy of FC3 for nscd:
===
Feb 23 18:35:14 pcxeon-1 kernel: audit(1109180114.178:0):
avc: denied { read } for pid=20078 exe=/usr/sbin/nscd
name=NIS_COLD_START dev=sda1 ino=737383 scontext=root:system_r:nscd_t
tcontext=root:object_r:var_t tclass=file
===
So I guess that the /var/nis/NIS_COLD_START file has to be made
available to the nscd command.
I tried the following (cheers, Russell Coker):
===
cd /etc/selinux/targeted/src/policy
echo "allow nscd_t var_t:file { getattr read };" >> domains/misc/custom.te
make load
===
But now I get:
===
Feb 24 18:03:14 pcxeon-1 kernel: audit(1109264594.241:0):
avc: denied { write } for pid=8888 exe=/usr/sbin/nscd
name=keyservsock dev=sda1 ino=737436 scontext=root:system_r:nscd_t
tcontext=user_u:object_r:var_run_t tclass=sock_file
===
I think that the /var/nis (NIS+) dir should be integrated
into the targeted policy like the /var/yp (NIS) dir...
I've tried to add
/var/nis(/.*)? system_u:object_r:var_nis_t
at several places, without success. (I am simply too new
to all this SELinux stuff...).
Anyway, using >>allow nscd_t var_t:file { getattr read };<< nscd now
seems to contact the keyserv program of the portmapper:
===
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100029 1 udp 980 keyserv
100029 2 udp 980 keyserv
100024 1 udp 32772 status
100024 1 tcp 32776 status
100021 1 udp 32778 nlockmgr
100021 3 udp 32778 nlockmgr
100021 4 udp 32778 nlockmgr
100021 1 tcp 33060 nlockmgr
100021 3 tcp 33060 nlockmgr
100021 4 tcp 33060 nlockmgr
===
which seems to have an open socket at:
# ls -la /var/run/keyservsock
srw-rw-rw- 1 root root 0 Feb 24 04:58 /var/run/keyservsock
niki
--
niki w. waibel - system administrator @ newlogic technologies ag
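As an added example (not part of the post above), the following Python script parses AVC denial lines like the two quoted in this message and aggregates them into audit2allow-style allow rules, marking any rule whose target is a generic type such as var_t or var_run_t, since such a rule opens every file of that type to nscd rather than just /var/nis, which is why a dedicated type like the var_nis_t the poster tried is the narrower fix. The sample log lines are the two denials from this post rejoined onto single lines; the list of generic types is an assumption, not taken from the policy.

```python
import re
from collections import defaultdict

# Constructed sample input: the two AVC denials quoted in the post,
# rejoined onto single lines as the kernel actually logs them.
SAMPLE_AVC = """\
Feb 23 18:35:14 pcxeon-1 kernel: audit(1109180114.178:0): avc: denied { read } for pid=20078 exe=/usr/sbin/nscd name=NIS_COLD_START dev=sda1 ino=737383 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file
Feb 24 18:03:14 pcxeon-1 kernel: audit(1109264594.241:0): avc: denied { write } for pid=8888 exe=/usr/sbin/nscd name=keyservsock dev=sda1 ino=737436 scontext=root:system_r:nscd_t tcontext=user_u:object_r:var_run_t tclass=sock_file
"""

# Matches the permission set in braces and the key=value fields after "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")

# Assumed list of catch-all object types: an allow rule against one of these
# grants access to everything carrying that label, not only the denied file.
GENERIC_TYPES = {"var_t", "var_run_t", "etc_t", "tmp_t", "usr_t", "file_t", "default_t"}


def parse_avc(line):
    """Return perms, source/target types, class and object name of one AVC line, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {
        "perms": set(m.group("perms").split()),
        "stype": fields["scontext"].split(":")[2],   # user:role:type -> type
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "name": fields.get("name"),
    }


def allow_rules(log_text):
    """Merge denials sharing (source, target, class) into one rule each, like audit2allow."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["stype"], rec["ttype"], rec["tclass"])] |= rec["perms"]
    rules = []
    for (stype, ttype, tclass), perms in sorted(grouped.items()):
        rule = "allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(sorted(perms)))
        if ttype in GENERIC_TYPES:
            # Policy-file comment: flag the rule for review instead of loading it blindly.
            rule += "  # broad: %s is a generic type; label the path with its own type" % ttype
        rules.append(rule)
    return rules


if __name__ == "__main__":
    for r in allow_rules(SAMPLE_AVC):
        print(r)
```

Feed it real audit lines from /var/log/messages to see which of the proposed rules would widen nscd's reach beyond the NIS+ files.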