I upgraded from Fedora 7 to Fedora 9 using [preupgrade](http:\/\/fedoraproject.org\/wiki\/PreUpgrade), and then I couldn’t connect to the [NoMachine NX Server](http:\/\/www.nomachine.com\/). It’s due to SELinux, again (I [wrote about this earlier](http:\/\/jaredrobinson.com\/blog\/?p=89)). The approach to solve it is still the same, although the policy is different:<\/p>\n
Here’s what my audit.log messages looked like:<\/p>\n
May 30 07:48:03 localhost kernel: type=1400 audit(1212155283.470:7): avc: denied { getattr } for pid=876 \\
\n comm=”sshd” path=”\/usr\/NX\/home\/nx\/.ssh\/authorized_keys2″ dev=sda2 ino=70976 \\
\n scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file \\
\n May 30 08:22:35 localhost kernel: type=1400 audit(1212157355.873:9): avc: denied { read } for pid=872 \\
\n comm=”sshd” name=”authorized_keys2″ dev=sda2 ino=70976 \\
\n scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file<\/p>\n
Here’s how I created and inserted the policy:<\/p>\n
cd \/etc\/selinux
\n cat \/var\/log\/audit\/audit.log | audit2allow -M nx
\n semodule -i nx.pp<\/p>\n
And here’s the nx.te file:<\/p>\n
module nx 1.0;
\n require {
\n type sshd_t;
\n type usr_t;
\n class file { read getattr };
\n }
\n #============= sshd_t ==============
\n allow sshd_t usr_t:file { read getattr };<\/p>\n","protected":false},"excerpt":{"rendered":"
I upgraded from Fedora 7 to Fedora 9 using [preupgrade](http:\/\/fedoraproject.org\/wiki\/PreUpgrade), and then I couldn’t connect to the [NoMachine NX Server](http:\/\/www.nomachine.com\/). It’s due to SELinux, again (I [wrote about this earlier](http:\/\/jaredrobinson.com\/blog\/?p=89)). The approach to solve it is still the same, although the policy is different: Here’s what my audit.log messages looked like: May 30 07:48:03 localhost … <\/p>\n