Description of problem: LightDM has the capability of listening on VNC ports and launching Xvnc on demand. SELinux is blocking LightDM (xdm_t) from listening on VNC ports (vnc_port_t): type=AVC msg=audit(1422759252.925:895): avc: denied { name_bind } for pid=25908 comm="lightdm" src=5910 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket permissive=0 Boolean worthy? Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-105.fc21.noarch How reproducible: 100% Steps to Reproduce: 1. Enable LightDM VNC server (enabled=true in [VNCServer] section of /etc/lightdm/lightdm.conf) 2. [Re]start LightDM Actual results: LightDM cannot bind to VNC port. Log contains messages such as: Jan 31 20:54:12 ian.penurio.us lightdm[25908]: ** (lightdm:25908): WARNING **: Failed to create IPv4 VNC socket: Error binding to address: Permission denied Jan 31 20:54:12 ian.penurio.us lightdm[25908]: ** (lightdm:25908): WARNING **: Failed to create IPv6 VNC socket: Error binding to address: Permission denied Expected results: LightDM is able to listen on VNC port. Additional info: Workaround is to start Xvnc with a systemd socket and use XDMCP.
Yes this would seem to need a boolean.
commit ddee7efa224213cd817fb3e9394a772b9964c656 Author: Lukas Vrabec <lvrabec> Date: Mon Feb 2 13:09:27 2015 +0100 Added boolean xdm_bind_vnc_tcp_port. BZ(1187975)
selinux-policy-3.13.1-105.3.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.3.fc21
Package selinux-policy-3.13.1-105.3.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.3.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-1768/selinux-policy-3.13.1-105.3.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.