issue with selinux and turbovnc after upgrading a machine to fedora 35
9 views
Skip to first unread message
joa...@verona.se
Feb 26, 2022, 6:56:26 PM2/26/22
to turbovn...@googlegroups.com
Hello,
I upgraded a machine from fedora 34 to 35. After that, I got a black
screen in the turbovnc client.
If I start turbovnc server manually in a shell, the vnc server starts
fine, and I can connect.
Then I tried "setenforce 0", and started the turbovnc service, and then
xfce starts fine, and I can connect the client. I can then turn on
selinux again, and it seems to continue to work.
I also upgraded turbovnc turbovnc-2.2.91-20220224.x86_64
but that didnt seem to make a difference.
Any hints how to fix this?
--
Joakim Verona
joa...@verona.se
I upgraded a machine from fedora 34 to 35. After that, I got a black
screen in the turbovnc client.
If I start turbovnc server manually in a shell, the vnc server starts
fine, and I can connect.
Then I tried "setenforce 0", and started the turbovnc service, and then
xfce starts fine, and I can connect the client. I can then turn on
selinux again, and it seems to continue to work.
I also upgraded turbovnc turbovnc-2.2.91-20220224.x86_64
but that didnt seem to make a difference.
Any hints how to fix this?
--
Joakim Verona
joa...@verona.se
DRC
Feb 28, 2022, 1:07:19 PM2/28/22
to turbovn...@googlegroups.com
Try
sudo semanage fcontext -a -t bin_t /etc/rc.d/init.d/tvncserver
sudo restorecon -R -v /etc/rc.d/init.d/tvncserver
and then reboot the system. That seems to work for me. Those commands
have the effect of making the TurboVNC Server init.d script run under
the system_u:system_r:unconfined_service_t:s0 context instead of the
system_u:object_r:initrc_exec_t:s0 context, which more closely simulates
the SELinux context that you get when you start the TurboVNC Server
manually (unconfined_u:unconfined_r:unconfined_t:s0).
DRC
sudo semanage fcontext -a -t bin_t /etc/rc.d/init.d/tvncserver
sudo restorecon -R -v /etc/rc.d/init.d/tvncserver
and then reboot the system. That seems to work for me. Those commands
have the effect of making the TurboVNC Server init.d script run under
the system_u:system_r:unconfined_service_t:s0 context instead of the
system_u:object_r:initrc_exec_t:s0 context, which more closely simulates
the SELinux context that you get when you start the TurboVNC Server
manually (unconfined_u:unconfined_r:unconfined_t:s0).
DRC
DRC
Feb 28, 2022, 4:14:32 PM2/28/22
to turbovn...@googlegroups.com
This is apparently necessary on RHEL/CentOS 7 and 8 as well. Under
prior RHEL/CentOS releases, the initrc_t context was unconfined, but
apparently that changed. On my Fedora 34 installation, it is also
necessary, so I'm not sure how you were able to make the TurboVNC Server
init.d script work on Fedora 34. I'm investigating whether it makes
sense to relabel /etc/rc.d/init.d/tvncserver automatically in the
official RPM. Everything I've read so far suggests that
unconfined_service_t is the appropriate context, since that context was
designed for running non-SELinux-aware services.
DRC
prior RHEL/CentOS releases, the initrc_t context was unconfined, but
apparently that changed. On my Fedora 34 installation, it is also
necessary, so I'm not sure how you were able to make the TurboVNC Server
init.d script work on Fedora 34. I'm investigating whether it makes
sense to relabel /etc/rc.d/init.d/tvncserver automatically in the
official RPM. Everything I've read so far suggests that
unconfined_service_t is the appropriate context, since that context was
designed for running non-SELinux-aware services.
DRC
DRC
Mar 7, 2022, 9:25:20 AM3/7/22
to turbovn...@googlegroups.com
Can you confirm whether my recommendation below fixes the issue on your
machine?
DRC
machine?
DRC
joa...@verona.se
Mar 8, 2022, 3:46:39 AM3/8/22
to 'DRC' via TurboVNC User Discussion/Support
"'DRC' via TurboVNC User Discussion/Support"
/Joakim
--
Joakim Verona
joa...@verona.se
<turbovn...@googlegroups.com> writes:
> Can you confirm whether my recommendation below fixes the issue on
> your machine?
I tried it just now, and it seems to work nicely, thanks!
> Can you confirm whether my recommendation below fixes the issue on
> your machine?
/Joakim
Joakim Verona
joa...@verona.se
DRC
Mar 15, 2022, 9:34:52 AM3/15/22
to turbovn...@googlegroups.com
The RPM packages in the latest 3.0 post-beta pre-release build
(https://turbovnc.org/DeveloperInfo/PreReleases) should have the fix.
Please try the new packages and make sure I didn't break anything.
DRC
(https://turbovnc.org/DeveloperInfo/PreReleases) should have the fix.
Please try the new packages and make sure I didn't break anything.
DRC
Reply all
Reply to author
Forward
0 new messages