SE-Linux problems


  • #6754
    pfinnigan
    Participant

    I am running Fedora 21 updated to the latest released level and NoMachine 4.4.12.11 on both local and remote machines.

    I am having a problem with SELinux and NX. It appears that it could be down to a NoMachine policy, but I am not certain of that. It is simple to fix, but I am posting to ensure that any supplied policy is adjusted to avoid this in the future.

    Has anybody else suffered this?
    Description of problem:
    Rebooted system. Problem occurs on startup.
    SELinux is preventing systemd-readahe from ‘getattr’ accesses on the file /usr/NX/bin/nxd.

    ***** Plugin catchall (100. confidence) suggests **************************

    If you believe that systemd-readahe should be allowed getattr access on the nxd file by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    Additional Information:
    Source Context system_u:system_r:readahead_t:s0
    Target Context unconfined_u:object_r:nx_exec_t:s0
    Target Objects /usr/NX/bin/nxd [ file ]
    Source systemd-readahe
    Source Path systemd-readahe
    Port <Unknown>
    Host (removed)
    Source RPM Packages
    Target RPM Packages
    Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
    Selinux Enabled True
    Policy Type targeted
    Enforcing Mode Enforcing
    Host Name (removed)
    Platform Linux (removed) 3.19.1-201.fc21.x86_64 #1 SMP Wed
    Mar 18 04:29:24 UTC 2015 x86_64 x86_64
    Alert Count 5
    First Seen 2015-03-26 14:40:29 GMT
    Last Seen 2015-03-26 14:40:29 GMT
    Local ID 88d139f6-d31e-4e5c-af9f-c236b49e185a

    Raw Audit Messages
    type=AVC msg=audit(1427380829.988:489): avc: denied { getattr } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0

    Hash: systemd-readahe,readahead_t,nx_exec_t,file,getattr

    Version-Release number of selected component:
    selinux-policy-3.13.1-105.6.fc21.noarch

    Additional info:
    reporter: libreport-2.3.0
    hashmarkername: setroubleshoot
    kernel: 3.19.1-201.fc21.x86_64
    type: libreport

    I also get:

    SELinux is preventing systemd-readahe from ‘ioctl’ accesses on the file /usr/NX/bin/nxd.

    ***** Plugin catchall (100. confidence) suggests **************************

    If you believe that systemd-readahe should be allowed ioctl access on the nxd file by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    Additional Information:
    Source Context system_u:system_r:readahead_t:s0
    Target Context unconfined_u:object_r:nx_exec_t:s0
    Target Objects /usr/NX/bin/nxd [ file ]
    Source systemd-readahe
    Source Path systemd-readahe
    Port <Unknown>
    Host (removed)
    Source RPM Packages
    Target RPM Packages
    Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
    Selinux Enabled True
    Policy Type targeted
    Enforcing Mode Enforcing
    Host Name (removed)
    Platform Linux (removed) 3.19.1-201.fc21.x86_64 #1 SMP Wed
    Mar 18 04:29:24 UTC 2015 x86_64 x86_64
    Alert Count 5
    First Seen 2015-03-26 14:39:54 GMT
    Last Seen 2015-03-26 14:39:58 GMT
    Local ID 7c4c1b4a-c0c7-4fbc-8549-4ec8880db8e0

    Raw Audit Messages
    type=AVC msg=audit(1427380798.312:441): avc: denied { ioctl } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0

    Hash: systemd-readahe,readahead_t,nx_exec_t,file,ioctl
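
An added example, not part of the original post and not NoMachine or Fedora code: a small Python parser that reads the two raw AVC records quoted above and prints the type-enforcement rule they correspond to, so the rule can be reviewed before a local module is built from the audit log. The function names and the `SAMPLE_AUDIT_LOG` constant are made up for this sketch.

```python
import re
from collections import defaultdict

# The two raw AVC records from the post above, with ASCII quotes.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1427380829.988:489): avc: denied { getattr } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1427380798.312:441): avc: denied { ioctl } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; policy rules are written on the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarise(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["stype"], rec["ttype"], rec["tclass"])
            groups[key]["perms"].update(rec["perms"])
            groups[key]["paths"].add(rec.get("path", "?"))
    return dict(groups)

def as_rules(groups, keyword="allow"):
    """Render each group as one type-enforcement rule for human review."""
    rules = []
    for (stype, ttype, tclass), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        rules.append(f"{keyword} {stype} {ttype}:{tclass} {{ {perms} }};")
    return rules

if __name__ == "__main__":
    for rule in as_rules(summarise(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Both denials collapse into a single rule on `readahead_t` and `nx_exec_t`, and the only path involved is `/usr/NX/bin/nxd`.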

    #6775
    frog
    Participant

    Hello,

    We investigated the reported problem with SELinux on Fedora 21; however, we are not able to reproduce this problem.

    For a better understanding of this problem, could you please provide more information about your system and SELinux?

    Did you install some custom policy modules? (If yes, and if it is possible, could you uninstall these SELinux modules and check if the problem still exists?)

    Which is your SELinux version?

    Did you install a fresh NoMachine or make an update? If this version was updated, which version did you use before? Did this problem exist on the older version, or did it occur on 4.4.12?

    If you did some uncommon SELinux configurations, please give us information about such configurations.


Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.