colord and xrdp clients
Posted: 2016/09/15 17:58:57
Hi,
I am running CentOS 7.2 as Terminal Server. I am using XRDP for remote users. I am getting an SELinux Error on colord. SELinux is preventing /usr/libexec/colord from open access on the file /proc/<pid>/cmdline. I have run the Following commands
# grep colord /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
This does not fix the problem. From another site I added a policy for this in /etc/polkit-1/localauthoriy/50-local named allow-colord.pkla
It has the following in it:
[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-profile;freedesktop.color-manager.modify-profile
ResultAny=yes
ResultInactive=auth_admin
ResultActive=yes
This stops it from asking asking for the root password on connection, but still causes an SELinux Alert. Does anybody know a way so SELinux will not cause an alert. I would like colord to work or be ignored for all the users and keep SELinux on.
This was not a problem on CentOS 6.4 through 6.8 (which I am running today as Terminal Server now). We looking to migrate to CentOS 7.
Any help on this would be greatly appreciated
Thank you,
Ron
I am running CentOS 7.2 as Terminal Server. I am using XRDP for remote users. I am getting an SELinux Error on colord. SELinux is preventing /usr/libexec/colord from open access on the file /proc/<pid>/cmdline. I have run the Following commands
# grep colord /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
This does not fix the problem. From another site I added a policy for this in /etc/polkit-1/localauthoriy/50-local named allow-colord.pkla
It has the following in it:
[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-profile;freedesktop.color-manager.modify-profile
ResultAny=yes
ResultInactive=auth_admin
ResultActive=yes
This stops it from asking asking for the root password on connection, but still causes an SELinux Alert. Does anybody know a way so SELinux will not cause an alert. I would like colord to work or be ignored for all the users and keep SELinux on.
This was not a problem on CentOS 6.4 through 6.8 (which I am running today as Terminal Server now). We looking to migrate to CentOS 7.
Any help on this would be greatly appreciated
Thank you,
Ron