Description of problem: I've installed freenx on a machine which is using ssh for connections. Whenever I try and make a connection to this machine via a NoMachine client, this error comes up on the setroubleshoot browser. All the relevant keys are in place between the two machines. I get the same error when trying to ssh onto the same machine using ssh keys rather than logging in with a password. I can ssh onto the machine using password authentication, but as soon as a key is used for authentication, SELinux denies access. Version-Release number of selected component (if applicable): 3.0.8-36.fc8 How reproducible: Every time Steps to Reproduce: 1. ssh to the machine using key access Actual results: SELinux denial Expected results: Connection to establish using ssh keys Additional info:
I changed the booleans for SSH under SELinux Administration * Allow ssh logins as sysadm_r:sysadm_t * Allow ssh to run ssh-keysign and now get an extra error: SELinux is preventing /usr/sbin/sshd (sshd_t) "getattr" to /var/lib/nxserver/home/.ssh/authorized_keys (var_lib_t). This is when making an NXClient connection to the machine or ssh'ing to the machine as the nx user (I think - I've only managed to replicate this part twice now).
When I say I changed the booleans in SELinux Administration - they didn't have a tick in the box and I selected them so they both have ticks in the box.
The easiest solution is just to modify the policy grep ssh /var/log/audit/audit.log | audit2allow -M myssh semodule -i myssh.pp Should fix A bettter long term solution would be to get a policy for freenix.
in updated fixed as of selinux-policy-3.0.8-77 feel free to use my packages, until they will be publicly available http://people.redhat.com/jkubin/selinux/F8/
Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists.