LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 12-07-2009, 05:25 AM   #1
ericcarlson
Member
 
Registered: Jan 2002
Posts: 161

Rep: Reputation: 30
Fedora 12 NXServer and SELinux


I've just installed Fed 12 and have the same damn annoying problem I had right through the life of the Fed 11 install, so would like to fix it right at the start this time if possible.

I use the free NX client on windows to connect to its NXserver, but this only lets me in if I have previously issued "setenforce 0". Now I know that's crap, but this is a home machine so it's not as bad as it sounds. I guess the problem is SELinux needs either more ports opening or more apps given special permissions. Does anyone happen to have the exact list of things I need to do to fix this please? Thanks...
 
Old 12-07-2009, 07:24 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
I doubt there are any policy packages for it, so you'd need to allow SELinux exceptions and / or modify SELinux contexts by hand, which needn't be too horrible. There are tools like seaudit which will show you what was prevented, and it's often just a case of permitting it. http://www.redhat.com/docs/manuals/e...tion-0105.html It's important to at least *try* to understand what was being requested though, as you can spiral off allowing everything to do anything without understanding why. In general though, it's a case of repeated testing and adding each exception as you hit it, and trying again. I've been in this situation a while back and got fairly comfortable with just cylcing through this routine 20 or 30 times chipping away at the specifics to end up with a reasonably satisfactory policy. Not as horrible as it sounds.
 
Old 12-07-2009, 07:30 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
Ahh, remembered now, the tool I specifically used to use was audit2allow, which has a really handy manpage. I think, looking at the manpage now, that I built a monolithic local policy, largely following the example there a couple of dozen times.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux Error :( Fedora 10 - help manuleka Linux - Newbie 6 06-02-2009 07:09 PM
Problems installing nxserver on Fedora TNeloms Linux - Software 1 09-15-2008 12:39 AM
Problems installing nxserver on Fedora TNeloms Linux - Newbie 1 09-12-2008 09:10 PM


All times are GMT -5. The time now is 06:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration