Description of problem: When remotely connecting to an nxserver host, the nxserver host raises 2 distinct selinux violations: avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022 exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0 name="libXcomp.so.2.1.0" path="/usr/lib/NX/lib/libXcomp.so.2.1.0" pid=25820 scontext=user_u:system_r:unconfined_t:s0 sgid=893 subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 avc: denied { execmod } for comm="nxagent" dev=dm-0 egid=893 euid=8022 exe="/usr/lib/NX/nxagent" exit=-13 fsgid=893 fsuid=8022 gid=893 items=0 name="libXcompext.so.2.1.0" path="/usr/lib/NX/lib/libXcompext.so.2.1.0" pid=28308 scontext=user_u:system_r:unconfined_t:s0 sgid=893 subj=user_u:system_r:unconfined_t:s0 suid=8022 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=8022 Version-Release number of selected component (if applicable): nx-2.1.0-1.fc6 selinux-policy-targeted-2.4.6-23.fc6 How reproducible: Always Steps to Reproduce: 1. install nx server (nxclient, nx, freenx) 2. remotely connect to server Actual results: se linux violations prevent access to libraries libXcompext.so.2.1.0 and nxagent libXcomp.so.2.1.0 Expected results: No selinux violations
You can fix these by executing chcon -t textrel_shlib_t /usr/lib/NX/lib/libXcompext.so.2.1.0 Fixed in selinux-policy-2.4.6-29