From: russell@coker.com.au (Russell Coker)
Date: Sun, 05 Nov 2017 13:40:50 +1100
Subject: [refpolicy] map permissions
In-Reply-To: <20171104124610.GA18513@meriadoc.perfinion.com>
References: <3850548.JCvBVk9sDr@xev>
	<20171104124610.GA18513@meriadoc.perfinion.com>
Message-ID: <17164136.dAVbCxhTN6@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Saturday, 4 November 2017 8:46:10 PM AEDT Jason Zaman wrote:
> What does your /etc/nsswitch.conf look like? do you have "compat" for
> passwd, shadow, group? it maps a lot but doesnt acutally need it.
> If you switch it to this then you wont get any maps at all:
> 
> passwd:      files
> shadow:      files
> group:       files

Thanks Jason and Luis.  I've tested that and it works for me.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880846

I've filed the above Debian bug report requesting that this be made the 
default.  NIS is hardly ever used nowadays and the people with the rare and 
unusual configurations for NIS are surely capable of changing the 
nsswitch.conf file along with the many other changes they need to make to 
support NIS.

For Buster I'll probably need to make the selinux-activate script do
s/compat/files/ .

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/