Forum / NoMachine for Linux / SE-Linux problems
March 30, 2015 at 08:49 #6754 pfinnigan Participant
I am running Fedora 21 updated to the latest released level and NoMachine 4.4.12.11 on both local and remote machines.
I am having a problem with SELinux and nx. It appears that it could be down to a NoMachine policy, but I am not certain of that. It is simple to fix but I am posting to ensure that any supplied policy is adjusted to avoid this in the future.
Has anybody else suffered this?
Description of problem:
Rebooted system. Problem occurs on startup.
SELinux is preventing systemd-readahe from 'getattr' accesses on the file /usr/NX/bin/nxd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-readahe should be allowed getattr access on the nxd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:readahead_t:s0
Target Context unconfined_u:object_r:nx_exec_t:s0
Target Objects /usr/NX/bin/nxd [ file ]
Source systemd-readahe
Source Path systemd-readahe
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 5
First Seen 2015-03-26 14:40:29 GMT
Last Seen 2015-03-26 14:40:29 GMT
Local ID 88d139f6-d31e-4e5c-af9f-c236b49e185a
Raw Audit Messages
type=AVC msg=audit(1427380829.988:489): avc: denied { getattr } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0
Hash: systemd-readahe,readahead_t,nx_exec_t,file,getattr
Version-Release number of selected component:
selinux-policy-3.13.1-105.6.fc21.noarch
Additional info:
reporter: libreport-2.3.0
hashmarkername: setroubleshoot
kernel: 3.19.1-201.fc21.x86_64
type: libreport
I also get:
SELinux is preventing systemd-readahe from 'ioctl' accesses on the file /usr/NX/bin/nxd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-readahe should be allowed ioctl access on the nxd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-readahe /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:readahead_t:s0
Target Context unconfined_u:object_r:nx_exec_t:s0
Target Objects /usr/NX/bin/nxd [ file ]
Source systemd-readahe
Source Path systemd-readahe
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-105.6.fc21.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.19.1-201.fc21.x86_64 #1 SMP Wed
Mar 18 04:29:24 UTC 2015 x86_64 x86_64
Alert Count 5
First Seen 2015-03-26 14:39:54 GMT
Last Seen 2015-03-26 14:39:58 GMT
Local ID 7c4c1b4a-c0c7-4fbc-8549-4ec8880db8e0
Raw Audit Messages
type=AVC msg=audit(1427380798.312:441): avc: denied { ioctl } for pid=631 comm="systemd-readahe" path="/usr/NX/bin/nxd" dev="dm-2" ino=1591507 scontext=system_u:system_r:readahead_t:s0 tcontext=unconfined_u:object_r:nx_exec_t:s0 tclass=file permissive=0
Hash: systemd-readahe,readahead_t,nx_exec_t,file,ioctl
March 31, 2015 at 13:59 #6775 frog Participant
Hello,
We investigated the reported problem with SELinux on Fedora 21; however, we are not able to reproduce this problem.
For a better understanding of this problem, could you please provide more information about your system and SELinux?
Did you install some custom policy modules? (If yes, and if it is possible, could you uninstall these SELinux modules and check if the problem still exists?)
Which is your SELinux version?
Did you install a fresh NoMachine or make an update? If this version was updated, which version did you use before? Did this problem exist on the older version or did it occur on 4.4.12?
If you did some uncommon SELinux configurations, please give us information about such configurations.
Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.