On 2/21/25 11:23 AM, Andrei Borzenkov wrote:
21.02.2025 19:17, Joe Salmeri wrote:
Has anybody switched their TW system from apparmor to selinux AND using XRDP ?
I submitted a bug back on 11/25/2024 because selinux was blocking xrdp.
https://bugzilla.suse.com/show_bug.cgi?id=1233738
I have been Johannes to update the selinux policy to allow xrdp and his changes are now in Factory.
Today I restored my test TW system back to 20250106 and then updated it to 20250216 and followed the instructions here to switch to apparmor
https://en.opensuse.org/Portal:SELinux/ Setup#Setup_SELinux_on_existing_tumbleweed_systems
ausearch -ts boot | grep -e DEN
Does NOT produce any denied errors but XRDP connection fails.
There are quite a lot of silent denials (dontaudit). To see them all you need to disable dontaudit:
semodule --disable_dontaudit --build
Switching to permissive mode with
setenforce 0
Allows XRDP to work.
Anybody else seeing this ?
Ok, just retested XRDP after running "semodule --disable_dontaudit --build" ( which worked ). It fails just like before and there are still no errors returned by ausearch -ts boot | grep -e DEN -- Regards, Joe