Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162746 - yppasswdd won't set/update passwords when SELinux is enabled
Summary: yppasswdd won't set/update passwords when SELinux is enabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Russell Coker
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-08 08:20 UTC by Tony Molloy
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.27.1-2.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-21 01:07:35 UTC


Attachments (Terms of Use)

Description Tony Molloy 2005-07-08 08:20:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
I'm trying to get NIS working. ypwhich, ypcat, ypmatch work OK.

However yppasswd will not set or update user passwords when SELinux is enabled with targeted policy. It works fine when SELinux is disabled.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.24-3

How reproducible:
Always

Steps to Reproduce:
1.Set up NIS with ypinit, NIS files in /var/yp/ypsrc
2.Test ypwhich ypcat
3.Try to update NIS passwords with yppasswd
  

Actual Results:  
In /var/log/messages ( edited )

beta rpc.yppasswdd[1778]: update testacc1 (uid=9001) from host 10.220.1.151 failed
beta rpc.yppasswdd[1778]: password file locked


In /var/log/audit/audit.log

type=PATH msg=audit(1120732794.982:341722): item=0 name="/etc/.pwd.lock" flags=310  inode=62249 dev=03:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=Unknown msg=audit(1120732794.982:341722):  cwd="/"
type=SYSCALL msg=audit(1120732794.982:341722): arch=40000003 syscall=5 success=no exit=-13 a0=acf181 a1=41 a2=180 a3=ffffffff items=1 pid=1778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="rpc.yppasswdd" exe="/usr/sbin/rpc.yppasswdd"
type=AVC msg=audit(1120732794.982:341722): avc:  denied  { write } for  pid=1778 comm="rpc.yppasswdd" name=".pwd.lock" dev=hda1 ino=62391 scontext=system_u:system_r:rpcd_t tcontext=system_u:object_r:shadow_t tclass=file



Expected Results:  
yppasswd should update the passwords

Additional info:

Comment 1 Daniel Walsh 2005-09-27 19:43:51 UTC
Fixed in selinux-policy-targeted-1.27.1-2.3



Note You need to log in before you can comment on or make changes to this bug.