search for: allow_ypbind

...eing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow access by executing: # setsebool -P allow_ypbind 1 The weirdness is that when I check allow_ypbind, it?s already on: # getsebool allow_ypbind allow_ypbind --> on # Does anyone with more experience with SELinux than m...

...ogs: > > type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket > > Was caused by: > The boolean allow_ypbind was set incorrectly. > Description: > Allow system to run with NIS > > Allow access by executing: > # setsebool -P allow_ypbind 1 > > > The weirdness is that when I check allow_ypbind, it?s already on: > > # getsebool allow_ypbind > allow_ypbind --> on >...

It says what it is my original post; that?s the output from audit2allow ?w (which is audit2why): Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow access by executing: # setsebool -P allow_ypbind 1 --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael....

On 06/06/2017 09:41 AM, Vanhorn, Mike wrote: > It says what it is my original post; that?s the output from audit2allow ?w (which is audit2why): > > Was caused by: > The boolean allow_ypbind was set incorrectly. > Description: > Allow system to run with NIS > > Allow access by executing: > # setsebool -P allow_ypbind 1 > > --- > Mike VanHorn > Senior Computer Systems Administrator > College of Engineering and Computer Science > Wright State Universi...

...Walsh" <dwalsh at redhat.com> wrote: >I am asking if you run it again, does it change. If the boolean is set >the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was ca...

...11:53,920 [database.DEBUG] database version 3.0 compatible with current 3.0 version 2011-11-01 15:11:53,923 [plugin.DEBUG] load_plugins() names=['httpd_bad_labels', 'allow_saslauthd_read_shadow', 'tftpd_write_content', 'allow_nfsd_anon_write', 'vbetool', 'allow_ypbind', 'httpd_use_cifs', 'file', 'allow_execheap', 'nfs_export_all_rw', 'allow_java_execstack', 'allow_httpd_sys_script_anon_write', 'samba_share', 'filesystem_associate', 'fcron_crond', 'inetd_bind_ports', 'named_wr...

...walsh at redhat.com> wrote: > >> I am asking if you run it again, does it change. If the boolean is set >> the audit2why should say that the AVC is allowed. > Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says > > type=AVC msg=audit(1496768649.872:1338): avc: denied { name_connect } for pid=2413 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket...

SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files,