+++ This bug was initially created as a clone of Bug #1244573 +++ Description of problem: $ grep xrdp /etc/selinux/targeted/contexts/files/file_contexts /usr/sbin/xrdp -- system_u:object_r:unconfined_exec_t:s0 /usr/sbin/xrdp-sesman -- system_u:object_r:unconfined_exec_t:s0 Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-128.6.fc22.noarch How reproducible: Always. Steps to Reproduce: 1. xrdp.service fails to start when SELinux is in enforcing mode. Actual results: No start. Expected results: Should start? Additional info: This makes it work: # chcon -t bin_t /usr/sbin/xrdp # chcon -t bin_t /usr/sbin/xrdp-sesman --- Additional comment from Bojan Smojver on 2015-08-18 18:33:26 EDT --- Reassigning in the hope of getting some feedback and getting this fixed. --- Additional comment from Lukas Vrabec on 2015-08-31 08:17:24 EDT --- Hi, We should create a new policy for this daemon.
*** Bug 1244607 has been marked as a duplicate of this bug. ***
I can confirm this bug and fix on RHEL 7 (Google VM). [1:root@aps local]$ rpm -q xrdp xrdp-0.9.0-4.el7.x86_64 WAS running (setenforce 0): [1:root@aps local 148]$ ps -eZ | grep xrdp system_u:unconfined_r:init_t:s0 11186 ? 00:00:00 xrdp-sesman system_u:unconfined_r:init_t:s0 11187 ? 00:00:00 xrdp /var/log/messages: Jan 28 05:48:56 aps kernel: SELinux: Context system_u:unconfined_r:init_t:s0 would be invalid if enforcing [0:root@aps ~]$ ls -lZ /usr/sbin/xrdp* -rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /usr/sbin/xrdp -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/sbin/xrdp-chansrv -rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /usr/sbin/xrdp-sesman -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/sbin/xrdp-sessvc # ----------------------- NOW after: # chcon -t bin_t /usr/sbin/xrdp # chcon -t bin_t /usr/sbin/xrdp-sesman [1:root@aps local]$ ps -eZ | grep xrdp system_u:system_r:unconfined_service_t:s0 15286 ? 00:00:00 xrdp-sesman system_u:system_r:unconfined_service_t:s0 15287 ? 00:00:00 xrdp system_u:system_r:unconfined_service_t:s0 15328 ? 00:00:01 xrdp system_u:system_r:unconfined_service_t:s0 15333 ? 00:00:00 xrdp-sessvc system_u:system_r:unconfined_service_t:s0 15334 ? 00:00:00 xrdp-sesman system_u:system_r:unconfined_service_t:s0 15336 ? 00:00:00 xrdp-chansrv and SElinux is in enforcing mode with no errors in /var/log/messages I've connected from a Windows RDP client and all appears to run fine.
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
selinux-policy-3.13.1-185.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f4619cd21
selinux-policy-3.13.1-185.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f4619cd21
selinux-policy-3.13.1-185.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.