FreeNX and SELinux

As I [mentioned earlier](http://jaredrobinson.com/blog/?p=87), upgrading from Fedora 6 to Fedora 7 broke FreeNX. A temporary solution was to disable SELinux. Here’s what allowed me to re-enable SELinux. First, I read the RHEL 5 SELinux guide to [building a local policy module](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-building-policy-module.html). Next, I ran the following commands, as root:

```
setenforce Enforcing
/etc/init.d/auditd stop
mv /var/log/audit/audit.log /var/log/audit.log.old
/etc/init.d/auditd start
```

At this point, I used an NX client to attempt to connect to my server, which failed. Then I did this:

```
cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp
```

At that point, my NX client allowed me to connect to the server. Here’s the freenx.te file that audit2allow created:

```
module freenx 1.0;

require {
        type unconfined_t;
        type lib_t;
        class file execmod;
}

#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
```
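
A way to review what audit2allow will turn into policy before loading it with semodule, shown as an added example (not part of the original post). The audit lines, process names and paths are constructed samples; the generated rule covers every file labeled lib_t, so seeing which object actually triggered each denial helps decide whether the rule is acceptable.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1180000000.101:40): avc:  denied  { execmod } for  pid=2101 comm="example" path="/usr/lib/example/libexample.so" dev=dm-0 ino=1001 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1180000000.101:40): arch=40000003 syscall=125 success=no exit=-13
type=AVC msg=audit(1180000000.205:41): avc:  denied  { execmod } for  pid=2101 comm="example" path="/usr/lib/example/libexample.so" dev=dm-0 ino=1001 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1180000001.310:42): avc:  denied  { read write } for  pid=2200 comm="other" name="data" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
                    r"scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)")
FIELD_RE = re.compile(r'\b(comm|path|name)="([^"]*)"')
# Permissions that relax memory-protection checks and deserve a closer look.
MEMORY_PERMS = {"execmod", "execmem", "execstack", "execheap"}

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, class), keeping the
    permissions, processes and objects that triggered each group."""
    rules = defaultdict(lambda: {"perms": set(), "comm": set(), "objects": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no denial
        fields = dict(FIELD_RE.findall(line))
        entry = rules[(sel_type(m["s"]), sel_type(m["t"]), m["cls"])]
        entry["perms"].update(m["perms"].split())
        entry["comm"].add(fields.get("comm", "?"))
        entry["objects"].add(fields.get("path") or fields.get("name", "?"))
    return rules

def report(rules):
    """Render each group as a candidate allow rule plus what triggered it."""
    lines = []
    for (src, tgt, cls), e in sorted(rules.items()):
        perms = " ".join(sorted(e["perms"]))
        flag = "  # REVIEW: memory-protection permission" if e["perms"] & MEMORY_PERMS else ""
        lines.append(f"allow {src} {tgt}:{cls} {{ {perms} }};{flag}")
        lines.append(f"    triggered by comm={sorted(e['comm'])} on {sorted(e['objects'])}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

Denials from unrelated processes in the same log also end up in the module, which is why starting from a freshly rotated audit.log, as above, keeps the result small.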

Upgrading from Fedora 6 to Fedora 7

Last night, I completed the easiest Fedora upgrade I’ve ever had, without having to download and boot from a CD/DVD. Here are the instructions I followed:
[http://fedoraproject.org/wiki/YumUpgradeFaq](http://fedoraproject.org/wiki/YumUpgradeFaq)

I did have some unexpected glitches, mostly due to SELinux.

* The pidgin (formerly known as gaim) system tray icon didn’t appear until I deleted my .gconf settings and logged back in. This has the drawback that I had to reconfigure several aspects of my UI. It may be possible to only delete ~/.gconf/apps/panel/applets/systray (or to remove it from the panel manually), then re-add it by right-clicking the panel, selecting “Add to Panel” and choosing “Notification Area”.
* The Dovecot IMAP server wasn’t allowing Thunderbird to connect. I ran ‘yum upgrade’, and it installed an updated SELinux policy pack. After restarting, IMAP services functioned properly.
* HAL didn’t start up. To fix it, I ran ‘touch /.autorelabel’ as root and rebooted. Since then, I’ve learned that using [fixfiles](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-admincontrol.html#sec-sel-fsrelabel) is a safer approach.
* FreeNX didn’t allow me to connect unless I disabled SELinux. Later, I [figured out how](http://jaredrobinson.com/blog/?p=89) to configure SELinux to allow FreeNX.

Goodbye VMware, Hello VirtualBox

I’ve been using the freeware VMPlayer and VMware Server for a few years now, and while they function, it’s been a pain to have to recompile kernel modules every time the kernel is updated on my Fedora machines. A big disadvantage of VMware is that the guests don’t seem to start up when run inside of an NX session, and I can’t run guests “headless” (without a monitor connected) using the free editions.

Based on the recommendation of [Craig Ozancin](http://www.linkedin.com/pub/0/826/810), I’ve tried [VirtualBox](http://www.virtualbox.org/), and I’m pleased with it — it lets me start and stop guests from the command line. I can connect to them using RDP (remote desktop). The new 1.4.0 release includes support for VMware guest images! VirtualBox hasn’t required me to recompile kernel modules, and it seems to run faster than VMware.

Goodbye VMware. Hello VirtualBox. What does the future hold? Probably [KVM](http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart) (the [kernel-based virtual machine](http://www.phoronix.com/vr.php?view=9066)), which only works with newer Intel and AMD chips containing virtualization instructions.

I later discovered that when I (accidentally) ran the Xen kernel, VirtualBox wouldn’t work. It seems the Xen kernel doesn’t work well with third party virtualization solutions. It’s a good thing I don’t need Xen.

HOWTO disable middle-mouse-paste in Linux

A coworker couldn’t stand the fact that, on his Linux computer, when he accidentally clicked the mouse wheel, it would paste text. He offered to buy me lunch if I could turn it off. Here’s how we did it. Run the following command:

> xmodmap -e "pointer = 1 25 3 4 5 6 7 8 9"

To persist this behavior, edit ~/.Xmodmap and add
> pointer = 1 25 3 4 5 6 7 8 9

Next annoyance: My coworker uses Eclipse, and wants to hit the F10 key. GTK (the toolkit underneath Gnome) maps F10 to pop up the application menu. In RHEL/CentOS 4, there’s no good way to fix it. On my Fedora 6 machine, I did the following:

> gconftool-2 --get /desktop/gnome/interface/menubar_accel

I saved off the value of that, which was “F10”. Then I ran this:

> gconftool-2 --type string --set /desktop/gnome/interface/menubar_accel "Ctrl-Shift-M"

It also works to use gconf-editor to edit the key /desktop/gnome/interface/menubar_accel.

Ethics are about business survival

[Business ethics about survival, leaders told](http://www.deseretnews.com/dn/view2/1,4382,660225718,00.html)

> Ethics aren’t important because they help businesses feel good about themselves… [it] is about staying in business.

> “We don’t ask you to do ethics so you can feel warm and soft and squishy,” Jennings said. “We ask you to do ethics because it is an integral part of long-term business survival. This is the thing you have to stay focused on when the pressure hits. This is the antidote,” [said professor and columnist Marianne Jennings]

[Read more](http://www.deseretnews.com/dn/view2/1,4382,660225718,00.html)