redhatdude | 5 Jul 16:19

No vnc desktop with selinux enabled

Hello,
I'm having an issue with selinux. Whenever I enable selinux, vnc doesn't start my gnome desktop. I only get a
grey screen. Once I set selinux to permissive, I connect to the vncserver and can see and use my desktop.
How can I use my desktop with selinux enabled?
Thanks,
EJ

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Bruno Wolff III | 5 Jul 17:49

Re: No vnc desktop with selinux enabled

On Sat, Jul 05, 2008 at 14:23:22 +0000,
  redhatdude <at> bellsouth.net wrote:
> Hello,
> I'm having an issue with selinux. Whenever I enable selinux, vnc doesn't start my gnome desktop. I only get
> a grey screen. Once I set selinux to permissive, I connect to the vncserver and can see and use my desktop.
> How can I use my desktop with selinux enabled?

Filing a bug for vnc and cc dwalsh should bring the problem to the
appropriate people.


max bianco | 5 Jul 17:58

Re: No vnc desktop with selinux enabled

On Sat, Jul 5, 2008 at 11:49 AM, Bruno Wolff III <bruno <at> wolff.to> wrote:
> On Sat, Jul 05, 2008 at 14:23:22 +0000,
>  redhatdude <at> bellsouth.net wrote:
>> Hello,
>> I'm having an issue with selinux. Whenever I enable selinux, vnc doesn't start my gnome desktop. I only
>> get a grey screen. Once I set selinux to permissive, I connect to the vncserver and can see and use my desktop.
>> How can I use my desktop with selinux enabled?
>
> Filing a bug for vnc and cc dwalsh should bring the problem to the
> appropriate people.
>

Posting the AVC's would help as well. They should still be logged
while in permissive mode. Check out man audit2why & man audit2allow


Olivier Robert | 5 Jul 18:07

Re: No vnc desktop with selinux enabled

Hi,

You can connect to the box via ssh and forward your vnc port.
ex:
ssh -L 5900:localhost:5900 you <at> your_box

Then connect your vnc client to localhost on the forwarded port.
vncviewer 127.0.0.1:5900

selinux can run normally on your box and the vnc traffic is secured as well.

Hope it helps,
Olivier


2008/7/5 <redhatdude <at> bellsouth.net>:
Hello,
I'm having an issue with selinux. Whenever I enable selinux, vnc doesn't start my gnome desktop. I only get a grey screen. Once I set selinux to permissive, I connect to the vncserver and can see and use my desktop.
How can I use my desktop with selinux enabled?
Thanks,
EJ


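The tunnel in the reply above only secures the VNC traffic if the VNC server is not also listening on a routable address; otherwise a client can still reach port 5900+N directly and the ssh -L forward protects nothing. The following is an added example (not part of the original thread, and not code from the vnc or ssh projects) that parses the output of `ss -ltn` on the server and reports every VNC-range listener that is bound to something other than loopback. The `ss` output below is a constructed sample; the column layout and the `*` meaning "all interfaces" are assumptions about the `ss -ltn` format, and the fix suggested in the output (the VNC server's localhost-only option, `-localhost` on Xvnc) is mine, not the thread's.

```python
"""Check that VNC is reachable only through the ssh tunnel.

Added example, not from the original thread. An ssh -L tunnel only protects
the VNC traffic if the VNC server is not also listening on a routable
address. This parses the output of `ss -ltn` (the sample below is
constructed; on a real server run the command and feed in its output) and
reports every listener in the VNC display range, 5900-5999, that is bound to
anything other than a loopback address.
"""
import ipaddress
import re

# Constructed sample of `ss -ltn` output. Display :1 is correctly bound to
# 127.0.0.1 and display :3 to ::1, but display :2 listens on all interfaces.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901       0.0.0.0:*
LISTEN  0       5       *:5902               *:*
LISTEN  0       5       [::1]:5903           [::]:*
LISTEN  0       5       192.168.1.10:6002    0.0.0.0:*
"""

VNC_PORT_MIN, VNC_PORT_MAX = 5900, 5999

# Local Address:Port is either [v6addr]:port or v4addr:port; ss prints "*"
# for "all interfaces" (assumption about the ss output format).
_ADDR_RE = re.compile(r"^(?:\[(?P<v6>[^\]]*)\]|(?P<v4>[^:]*)):(?P<port>\d+)$")


def parse_listeners(ss_output):
    """Return [(address, port)] for every LISTEN line in `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        m = _ADDR_RE.match(fields[3])
        if m is None:
            continue
        addr = m.group("v6") if m.group("v6") is not None else m.group("v4")
        listeners.append((addr, int(m.group("port"))))
    return listeners


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; '*' (all interfaces) is never loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposed_vnc_listeners(ss_output):
    """VNC-range listeners that are reachable from outside the tunnel."""
    return sorted(
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if VNC_PORT_MIN <= port <= VNC_PORT_MAX and not is_loopback(addr)
    )


def vnc_display(port):
    """Map a VNC TCP port back to its X display number (5900 + N)."""
    return port - VNC_PORT_MIN


if __name__ == "__main__":
    for addr, port in exposed_vnc_listeners(SAMPLE_SS_OUTPUT):
        print(f"display :{vnc_display(port)} listens on {addr}:{port}, "
              "not loopback; restart it with -localhost or firewall the port")
```

On the sample input the script reports only display :2; port 6002 is ignored because it is outside the VNC display range. Run `ss -ltn` on the VNC host and pipe its output into `exposed_vnc_listeners` to get the real answer for your box.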
redhatdude | 5 Jul 19:24

Re: No vnc desktop with selinux enabled

> 2008/7/5 <redhatdude <at> bellsouth.net>:
> 
> > Hello,
> > I'm having an issue with selinux. Whenever I enable selinux, vnc doesn't
> > start my gnome desktop. I only get a grey screen. Once I set selinux to
> > permissive, I connect to the vncserver and can see and use my desktop.
> > How can I use my desktop with selinux enabled?
> > Thanks,
> > EJ

-------------- Original message ----------------------
From: "Olivier Robert" <robby57 <at> gmail.com>
> You can connect to the box via ssh and forward your vnc port.
> ex:
> ssh -L 5900:localhost:5900 you <at> your_box
> Then connect your vnc client to localhost on the forwarded port.
> vncviewer 127.0.0.1:5900
> selinux can run normally on your box and the vnc traffic is secured as well.

That's what I do and selinux may run normally but it won't let me start my Desktop.

Below is the output of audit.log when I start the vncserver
Thanks for your help.

channel 4: open failed: connect failed: Connection refused
type=USER_START msg=audit(1215278387.539:6023): user pid=27840 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_ACQ msg=audit(1215278387.539:6024): user pid=27840 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_DISP msg=audit(1215278387.594:6025): user pid=27840 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_END msg=audit(1215278387.595:6026): user pid=27840 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=ANOM_ABEND msg=audit(1215278387.704:6027): auid=4294967295 uid=500 gid=500 ses=4294967295
subj=system_u:system_r:unconfined_notrans_t:s0 pid=3027 comm="tomboy" sig=11
type=USER_START msg=audit(1215278390.622:6028): user pid=27859 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_open acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_ACQ msg=audit(1215278390.622:6029): user pid=27859 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=CRED_DISP msg=audit(1215278393.696:6030): user pid=27859 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:setcred acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_END msg=audit(1215278393.696:6031): user pid=27859 uid=0 auid=500
subj=unconfined_u:system_r:initrc_t:s0 msg='op=PAM:session_close acct="MyUserName"
exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=AVC msg=audit(1215278393.750:6032): avc:  denied  { connectto } for  pid=27907
comm="ck-get-x11-serv"
path=002F746D702F2E5831312D756E69782F5831000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:unconfined_notrans_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1215278393.750:6032): arch=c000003e syscall=42 success=yes exit=0 a0=3
a1=7fff1a692120 a2=6e a3=7fff1a692123 items=0 ppid=27906 pid=27907 auid=4294967295 uid=500
gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295
comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1215278393.751:6033): avc:  denied  { read } for  pid=27907 comm="ck-get-x11-serv"
name=".Xauthority" dev=md3 ino=32941 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=SYSCALL msg=audit(1215278393.751:6033): arch=c000003e syscall=21 success=yes exit=0
a0=9e83b0 a1=4 a2=9e83c8 a3=3d0d567a70 items=0 ppid=27906 pid=27907 auid=4294967295 uid=500
gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295
comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1215278393.751:6034): avc:  denied  { getattr } for  pid=27907
comm="ck-get-x11-serv" path="/home/MyUserName/.Xauthority" dev=md3 ino=32941
scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=SYSCALL msg=audit(1215278393.751:6034): arch=c000003e syscall=5 success=yes exit=0 a0=4
a1=7fff1a690e30 a2=7fff1a690e30 a3=9e9180 items=0 ppid=27906 pid=27907 auid=4294967295 uid=500
gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295
comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1215278395.523:6035): avc:  denied  { execheap } for  pid=28030 comm="mono"
scontext=unconfined_u:system_r:unconfined_notrans_t:s0
tcontext=unconfined_u:system_r:unconfined_notrans_t:s0 tclass=process
type=SYSCALL msg=audit(1215278395.523:6035): arch=c000003e syscall=10 success=yes exit=0
a0=15a9000 a1=1000 a2=7 a3=3d0d567a70 items=0 ppid=1 pid=28030 auid=500 uid=500 gid=500 euid=500
suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=43 comm="mono" exe="/usr/bin/mono"
subj=unconfined_u:system_r:unconfined_notrans_t:s0 key=(null)

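Max's earlier reply pointed at the AVC records and at audit2why/audit2allow, and the audit.log excerpt in this message contains four of them. The block below is an added example for this thread, not part of the original posts and not the audit2allow tool itself: it parses `type=AVC` records from audit.log, decodes fields that auditd has hex-encoded (that is why the first denial shows `path=002F746D70...` rather than a quoted string: the value starts with a NUL byte, the marker of an abstract unix socket name), and groups the denials into (source type, target type, class) -> permissions, the shape of the rule audit2allow would propose. The sample input is the AVC records (plus one SYSCALL record, to show that other record types are skipped) quoted from the message above, re-joined to one record per line as they appear in /var/log/audit/audit.log. The regular expressions are mine and assume the record layout shown in this log.

```python
"""Summarise SELinux AVC denials from audit.log, audit2allow-style.

Added example for this thread; it is not the audit2allow/audit2why tool
itself. It parses ``type=AVC`` records, decodes hex-encoded fields (auditd
hex-encodes a value that contains unprintable bytes, which is why the first
denial shows path=002F746D70... instead of a quoted string), and groups
denials into (source type, target type, class) -> permissions, the shape of
the rule audit2allow would propose. The sample input is the set of AVC
records quoted in the message above, one record per line as in audit.log.
"""
import re
from collections import defaultdict

# Records taken from the audit.log excerpt in the thread (one per line).
AUDIT_LOG = """\
type=AVC msg=audit(1215278393.750:6032): avc:  denied  { connectto } for  pid=27907 comm="ck-get-x11-serv" path=002F746D702F2E5831312D756E69782F5831000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:unconfined_notrans_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1215278393.750:6032): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7fff1a692120 a2=6e a3=7fff1a692123 items=0 ppid=27906 pid=27907 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1215278393.751:6033): avc:  denied  { read } for  pid=27907 comm="ck-get-x11-serv" name=".Xauthority" dev=md3 ino=32941 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1215278393.751:6034): avc:  denied  { getattr } for  pid=27907 comm="ck-get-x11-serv" path="/home/MyUserName/.Xauthority" dev=md3 ino=32941 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1215278395.523:6035): avc:  denied  { execheap } for  pid=28030 comm="mono" scontext=unconfined_u:system_r:unconfined_notrans_t:s0 tcontext=unconfined_u:system_r:unconfined_notrans_t:s0 tclass=process
"""

# Layout of an AVC record as seen in this log (an assumption of this example).
AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$"
)
# key=value pairs; the value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"^(?:[0-9A-F]{2})+$")
# Fields auditd treats as untrusted strings and hex-encodes when needed.
ENCODED_FIELDS = {"path", "name", "comm", "exe"}


def decode_field(value):
    """Undo auditd's encoding of one untrusted-string field.

    A double-quoted value is returned without the quotes. A bare run of
    upper-case hex digits is a value auditd could not print literally
    (it contains control bytes, quotes or spaces); it is decoded back to
    text, trailing NUL padding is dropped and a leading NUL (abstract unix
    socket name) is kept.
    """
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    if HEX_RE.match(value):
        return bytes.fromhex(value).decode("utf-8", "replace").rstrip("\x00")
    return value


def parse_avc(line):
    """Return a dict for a type=AVC record, or None for any other record."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
    }
    for key, raw in FIELD_RE.findall(m.group("fields")):
        rec[key] = decode_field(raw) if key in ENCODED_FIELDS else raw
    return rec


def type_of(context):
    """Extract the type (third field) from an SELinux security context."""
    return context.split(":")[2]


def summarise(log_text):
    """Group denials into {(source_type, target_type, tclass): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        rules[key].update(rec["perms"])
    return dict(rules)


def format_rules(rules):
    """Render grouped denials as allow rules ('self' when source == target)."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if src == tgt else tgt
        lines.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return lines


if __name__ == "__main__":
    for line in AUDIT_LOG.splitlines():
        rec = parse_avc(line)
        if rec is not None and "path" in rec:
            shown = rec["path"].replace("\x00", "\\0")  # make the NUL visible
            print(f"#{rec['serial']} path={shown}")
    print("\n".join(format_rules(summarise(AUDIT_LOG))))
```

Decoding the first record's path gives `\0/tmp/.X11-unix/X1`, the abstract socket of X display :1, which is what ck-get-x11-server-pid (running as consolekit_t) was denied `connectto` on; the two `.Xauthority` denials collapse into one `file { getattr read }` rule. Two things to keep in mind before turning such a summary into policy: the SYSCALL records in the excerpt say `success=yes` although the AVC says `denied`, which is exactly the permissive-mode behaviour Max described (logged but not enforced), and audit2why additionally reports whether a denial would be resolved by a relabel or a boolean rather than by a new rule, so the grouped output is the input to that decision, not a module to load blindly.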