Description of problem: When running nxclient-3.40-5 selinux alert message pops up. Version-Release number of selected component (if applicable): selinux-policy-3.6.32-63.fc12, but every version form release of F122 has this bug How reproducible: every run of nxclient Steps to Reproduce: 1. Install nxclient-3.4.0-5 from nomachine.com. 2. Configure connection settings 3. Run the client. 4. Selinux alert pops up. But program runs successfully. Actual results: Selinux alert pops up. But Nxclient runs successfully Expected results: No selinux alert Additional info: following local policy seems to cure the problem: require { type xauth_t; type xserver_t; class unix_stream_socket connectto; } #============= xauth_t ============== allow xauth_t xserver_t:unix_stream_socket connectto;
Created attachment 382190 [details] selinux alert autmatically generated
Yes this AVC does not block anything. Notice the success=yes, This means the access was granted, The kernel probably used a different code path. Miroslav, need to add allow xauth_t xserver_t:unix_stream_socket connectto;
Fixed in selinux-policy-3.6.32-68.fc12.noarch
selinux-policy-3.6.32-69.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0362
selinux-policy-3.6.32-69.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.