Bug 113796

Summary: subdomain: Breaks ypbind/automounter
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Andreas Jaeger <aj>
Component: AppArmorAssignee: Dominic W Reynolds <dreynolds>
Status: RESOLVED FIXED QA Contact: Keiran Haggerty <khaggerty>
Severity: Critical    
Priority: P5 - None CC: meissner, sarnold, security-team
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Jaeger 2005-08-29 10:53:30 UTC 
Login to a machine in the internal net does not work if subdomain is enabled. 
The connection to the NFS server does not work at all.

I see in /var/log/messages:

SubDomain: REJECTING r access to /var/yp/binding/suse.de.2 (nscd(5166) profile
/usr/sbin/nscd active /usr/sbin/nscd)
SubDomain: REJECTING access to capability 'net_bind_service' (nscd(5166) profile
/usr/sbin/nscd active /usr/sbin/nscd)
SubDomain: REJECTING access to capability 'net_bind_service' (nscd(5166) profile
/usr/sbin/nscd active /usr/sbin/nscd)
SubDomain: REJECTING r access to /var/yp/binding/suse.de.2 (nscd(5163) profile
/usr/sbin/nscd active /usr/sbin/nscd)
SubDomain: REJECTING access to capability 'net_bind_service' (nscd(5163) profile
/usr/sbin/nscd active /usr/sbin/nscd)
SubDomain: REJECTING access to capability 'net_bind_service' (nscd(5163) profile
/usr/sbin/nscd active /usr/sbin/nscd)
Comment 1 Marcus Meissner 2005-08-29 19:28:38 UTC 
same that got reported already ... Seth?
Comment 2 Seth R Arnold 2005-08-29 19:49:41 UTC 
Fixes for /var/yp/binding/* checked into SHASS_1_2 and trunk in revisions 5164
and 5165. net_bind_service checked in previously.

Thanks
Comment 3 Marcus Meissner 2005-08-30 12:04:21 UTC 
so it should be fixed in beta4? then please resolve/fixed this bug
Comment 4 Seth R Arnold 2005-08-30 18:29:28 UTC 
Sorry for not closing this bug with comment #2 --- I was working under the
assumption that only our QA contact, Keiran, would be closing our Novell
bugzilla bugs when he confirmed that fixes were integrated into new betas. We've
since changed (or I never understood :) so that engineers close Novell Bugzilla
bugs when we think our changes will be integrated into autobuild soon.