From: russell@coker.com.au (Russell Coker) Date: Sun, 05 Nov 2017 13:40:50 +1100 Subject: [refpolicy] map permissions In-Reply-To: <20171104124610.GA18513@meriadoc.perfinion.com> References: <3850548.JCvBVk9sDr@xev> <20171104124610.GA18513@meriadoc.perfinion.com> Message-ID: <17164136.dAVbCxhTN6@russell.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Saturday, 4 November 2017 8:46:10 PM AEDT Jason Zaman wrote: > What does your /etc/nsswitch.conf look like? do you have "compat" for > passwd, shadow, group? it maps a lot but doesnt acutally need it. > If you switch it to this then you wont get any maps at all: > > passwd: files > shadow: files > group: files Thanks Jason and Luis. I've tested that and it works for me. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880846 I've filed the above Debian bug report requesting that this be made the default. NIS is hardly ever used nowadays and the people with the rare and unusual configurations for NIS are surely capable of changing the nsswitch.conf file along with the many other changes they need to make to support NIS. For Buster I'll probably need to make the selinux-activate script do s/compat/files/ . -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/