- Change init script to automatically turn on/off allow_ypbind boolean

ypbind.init

@@ -27,6 +27,25 @@ OTHER_YPBIND_OPTS=""
 # Check that networking is configured.
 [ ${NETWORKING} = "no" ] && exit 0
 
+selinux_on() {
+        [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || return
+	echo "Turning on allow_ypbind SELinux boolean"
+        setsebool allow_ypbind=1
+}
+
+selinux_off() {
+        [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || return
+	allow_ypbind=0
+	.  /etc/selinux/config
+	if [ -e /etc/selinux/${SELINUXTYPE}/modules1/active/booleans.local ]; then
+		. /etc/selinux/${SELINUXTYPE}/modules/active/booleans.local
+	fi
+	if [ $allow_ypbind == 0 ]; then
+		echo "Turning off allow_ypbind SELinux boolean"
+		setsebool allow_ypbind=$allow_ypbind
+	fi
+}
+
 start() {
 	DOMAINNAME=`domainname`
 	if [ "$DOMAINNAME" = "(none)" -o "$DOMAINNAME" = "" ]; then
@@ -36,11 +55,13 @@ start() {
 	        exit 1
 	   fi
 	fi
+        selinux_on
 	echo -n $"Binding to the NIS domain: "
 	daemon ypbind $OTHER_YPBIND_OPTS
 	RETVAL=$?
 	echo
 	if [ $RETVAL -ne 0 ]; then
+	    selinux_off
 	    return $RETVAL
 	fi
 	# the following fixes problems with the init scripts continuing
@@ -60,6 +81,7 @@ start() {
 	    logger -t ypbind "bound to NIS server `ypwhich 2> /dev/null`"
 	    touch /var/lock/subsys/ypbind
 	else
+	    selinux_off
 	    killproc ypbind
 	    # if  we used brute force (like kill -9) we don't want those around
 	    if [ x$(domainname) != x ] ; then
@@ -72,6 +94,7 @@ start() {
 }
 
 stop() {
+       	selinux_off
 	echo -n $"Shutting down NIS services: "
 	killproc ypbind
 	RETVAL=$?