FreeNX and SELinux

Posted on by

As I mentioned earlier, upgrading from Fedora 6 to Fedora 7 broke FreeNX. A temporary solution was to disable SELinux. Here's what allowed me to re-enable SELinux. First, I read the RHEL 5 SELinux guide to building a local policy module. Next, I ran the following commands, as root:

setenforce Enforcing
/etc/init.d/auditd stop
mv /var/log/audit/audit.log /var/log/audit.log.old
/etc/init.d/auditd start

At this point, I used an NX client to attempt to connect to my server, which failed. Then I did this:

cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp

At that point, my NX client allowed me to connect to the server. Here's the freenx.te file that audit2allow created:

module freenx 1.0;

require {
        type unconfined_t;
        type lib_t;
        class file execmod;
}

#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;

One thought on “FreeNX and SELinux

  1. Pingback: NoMachine NX, Fedora 9 and SELinux « jaredrobinson.com