Fedora 12 NXServer and SELinux
 

I've just installed Fed 12 and have the same damn annoying problem I had right through the life of the Fed 11 install, so would like to fix it right at the start this time if possible.

I use the free NX client on windows to connect to its NXserver, but this only lets me in if I have previously issued "setenforce 0". Now I know that's crap, but this is a home machine so it's not as bad as it sounds. I guess the problem is SELinux needs either more ports opening or more apps given special permissions. Does anyone happen to have the exact list of things I need to do to fix this please? Thanks...

I doubt there are any policy packages for it, so you'd need to allow SELinux exceptions and / or modify SELinux contexts by hand, which needn't be too horrible. There are tools like seaudit which will show you what was prevented, and it's often just a case of permitting it. http://www.redhat.com/docs/manuals/e...tion-0105.html It's important to at least *try* to understand what was being requested though, as you can spiral off allowing everything to do anything without understanding why. In general though, it's a case of repeated testing and adding each exception as you hit it, and trying again. I've been in this situation a while back and got fairly comfortable with just cylcing through this routine 20 or 30 times chipping away at the specifics to end up with a reasonably satisfactory policy. Not as horrible as it sounds.

Ahh, remembered now, the tool I specifically used to use was audit2allow, which has a really handy manpage. I think, looking at the manpage now, that I built a monolithic local policy, largely following the example there a couple of dozen times.