As I [mentioned earlier](http://jaredrobinson.com/blog/?p=87), upgrading from Fedora 6 to Fedora 7 broke FreeNX. A temporary solution was to disable SELinux. Here’s what allowed me to re-enable SELinux. First, I read the RHEL 5 SELinux guide to [building a local policy module](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-building-policy-module.html). Next, I ran the following commands, as root:
setenforce Enforcing
/etc/init.d/auditd stop
mv /var/log/audit/audit.log /var/log/audit.log.old
/etc/init.d/auditd start
At this point, I used an NX client to attempt to connect to my server, which failed. Then I did this:
cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp
At that point, my NX client allowed me to connect to the server. Here’s the freenx.te file that audit2allow created:
module freenx 1.0;
require {
type unconfined_t;
type lib_t;
class file execmod;
}
#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;