On Fri, Feb 21, 2025 at 1:07 PM Chuck Payne <terrorpup@gmail.com> wrote:
On Fri, Feb 21, 2025 at 12:55 PM Neal Gompa <ngompa13@gmail.com> wrote:
On Fri, Feb 21, 2025 at 12:50 PM Chuck Payne <terrorpup@gmail.com> wrote:
When you use SELinux, this comes from a person that is RH Engineer, that a secondary package that install that does the SE Linux setting
xrdp-selinux.x86_64 : SELinux policy module required tu run xrdp
Do we not have such a package? I would recommend use it, because SELinux is a pain. It's great learning steap.
We do not. The policy module is built in the Fedora package[1] but not in ours.
[1]: https://src.fedoraproject.org/rpms/xrdp/blob/rawhide/f/xrdp.spec
-- 真実はいつも一つ!/ Always, there's only one truth!
Neal,
If it's Fedora, that's a good start. Having to write SE Linux states, I can tell everyone is a pain. It's why when we can as RH Admins, we turn SE Linux from Enforcing to Permissive. A lot of apps don't play nice with SE Linux. Just wait, you think xrdp a pain, wait until you have to deal with Apache/Ngixn.
I would recommend for now, try placing SELinux in Permissive mode, it will log everything, then you can use the output to the logs to write the correct SE Linux statements needs. Or download package from Rocky, that base on Enterprise version of RH, Fedora bleeding edge, stable, but bleeding edge. See how Rocky Linux does there SELinux.
Just an FYI, the agencies I work with we are RH shop, I was able to remove Citrix Workstation by replacing the xrdp. Save money and time.
I'm a bad person to complain about SELinux, as I helped implement it in openSUSE in the first place and I've gotten good at fixing things to work in enforcing mode using the tools and guides from Red Hat as well as guidance from folks like Thomas Cameron. I don't think it's that bad to work with, it just requires a bit more effort to adapt for your needs. -- 真実はいつも一つ!/ Always, there's only one truth!