FreeNX and SELinux

As I [mentioned earlier](http://jaredrobinson.com/blog/?p=87), upgrading from Fedora 6 to Fedora 7 broke FreeNX. A temporary solution was to disable SELinux. Here’s what allowed me to re-enable SELinux. First, I read the RHEL 5 SELinux guide to [building a local policy module](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-building-policy-module.html). Next, I ran the following commands, as root:

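```bash
# Put SELinux back into enforcing mode
setenforce Enforcing
# Rotate the audit log so the new one only holds fresh denials
/etc/init.d/auditd stop
mv /var/log/audit/audit.log /var/log/audit.log.old
/etc/init.d/auditd start
```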

At this point, I used an NX client to attempt to connect to my server, which failed. Then I did this:

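```bash
cd /etc/selinux
# Build a local policy module (freenx.te and freenx.pp) from the logged denials
cat /var/log/audit/audit.log | audit2allow -M freenx
# Load the compiled module into the running policy
semodule -i freenx.pp
```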

At that point, my NX client allowed me to connect to the server. Here’s the freenx.te file that audit2allow created:

```
module freenx 1.0;

require {
        type unconfined_t;
        type lib_t;
        class file execmod;
}

#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
```
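The rule above grants `execmod` on every file labelled `lib_t`, so it is worth reading what the audit log would produce before running `semodule -i`. The following is an added example, not code from the original post and not audit2allow's own code: it groups AVC denials into candidate allow rules and flags memory-protection permissions such as `execmod`; the log lines, paths and the `httpd_t` entry are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1180000000.100:41): avc:  denied  { execmod } for  pid=2001 comm="example" path="/usr/lib/example/libexample.so" dev=dm-0 ino=1001 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1180000000.100:41): arch=40000003 syscall=125 success=no exit=-13
type=AVC msg=audit(1180000000.200:42): avc:  denied  { read write } for  pid=2002 comm="example" name="example.log" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1180000000.300:43): avc:  granted  { setenforce } for  pid=2003 comm="setenforce" scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Only "denied" records become rules; "granted" records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

# Permissions that relax memory protections and deserve a manual look.
MEMORY_PERMS = {"execmod", "execmem", "execstack", "execheap"}


def sel_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def proposed_rules(log_text):
    """Return sorted (allow_rule, flagged_permissions) pairs for the denials."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match:
            perms, source, target, tclass = match.groups()
            grouped[(sel_type(source), sel_type(target), tclass)].update(perms.split())
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rule = f"allow {source} {target}:{tclass} {perm_text};"
        rules.append((rule, sorted(perms & MEMORY_PERMS)))
    return rules


if __name__ == "__main__":
    for rule, flagged in proposed_rules(SAMPLE_LOG):
        print(rule, "  # review: " + ", ".join(flagged) if flagged else "")
```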
