ericcarlson 12-07-2009 06:25 AM

Fedora 12 NXServer and SELinux
I've just installed Fed 12 and have the same damn annoying problem I had right through the life of the Fed 11 install, so would like to fix it right at the start this time if possible.

I use the free NX client on windows to connect to its NXserver, but this only lets me in if I have previously issued "setenforce 0". Now I know that's crap, but this is a home machine so it's not as bad as it sounds. I guess the problem is SELinux needs either more ports opening or more apps given special permissions. Does anyone happen to have the exact list of things I need to do to fix this please? Thanks...

acid_kewpie 12-07-2009 08:24 AM

I doubt there are any policy packages for it, so you'd need to allow SELinux exceptions and / or modify SELinux contexts by hand, which needn't be too horrible. There are tools like seaudit which will show you what was prevented, and it's often just a case of permitting it. It's important to at least *try* to understand what was being requested though, as you can spiral off allowing everything to do anything without understanding why. In general though, it's a case of repeated testing and adding each exception as you hit it, and trying again. I've been in this situation a while back and got fairly comfortable with just cycling through this routine 20 or 30 times chipping away at the specifics to end up with a reasonably satisfactory policy. Not as horrible as it sounds.

acid_kewpie 12-07-2009 08:30 AM

Ahh, remembered now, the tool I specifically used to use was audit2allow, which has a really handy manpage. I think, looking at the manpage now, that I built a monolithic local policy, largely following the example there a couple of dozen times.
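Added example, not part of the thread: a small Python reviewer that groups AVC denials by source type, target type and class before any rule is allowed, which is the "understand what was being requested" step described above. The log lines are constructed, and the `GENERIC_TARGETS` shortlist and function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log lines for illustration; not the poster's actual denials.
SAMPLE_LOG = """\
type=AVC msg=audit(1260166000.101:41): avc:  denied  { read } for  pid=2101 comm="sshd" name="authorized_keys2" dev=dm-0 ino=1311 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1260166000.102:42): avc:  denied  { open getattr } for  pid=2101 comm="sshd" name="authorized_keys2" dev=dm-0 ino=1311 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1260166000.102:42): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1260166003.550:57): avc:  denied  { name_connect } for  pid=2140 comm="nxserver" dest=6001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]*)".*?'
                    r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
# Generic labels (this example's own shortlist): a denial against one of these
# usually calls for relabelling the object, not for a broad allow rule.
GENERIC_TARGETS = {"var_lib_t", "default_t", "file_t", "unlabeled_t", "port_t"}

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Group AVC denials by (source type, target type, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records and other non-AVC lines
        perms, comm, scon, tcon, tclass = m.groups()
        key = (selinux_type(scon), selinux_type(tcon), tclass)
        grouped[key]["perms"].update(perms.split())
        grouped[key]["comms"].add(comm)
    return dict(grouped)

def review(log_text):
    """Return (candidate allow rule, processes, needs_relabel_review) per group."""
    out = []
    for (src, tgt, tclass), info in sorted(parse_denials(log_text).items()):
        perms = sorted(info["perms"])
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rule = f"allow {src} {tgt}:{tclass} {body};"
        out.append((rule, sorted(info["comms"]), tgt in GENERIC_TARGETS))
    return out

if __name__ == "__main__":
    for rule, comms, generic in review(SAMPLE_LOG):
        note = "  # generic target: check labelling first" if generic else ""
        print(f"{rule}  # from: {', '.join(comms)}{note}")
```

Each output line is a candidate rule to read and question, not one to load blindly; a flagged target suggests fixing the object's context instead of widening the policy.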

