The following information relates to installation of ThinLinc on an SELinux-enabled platform.
ThinLinc is designed to run with reference SELinux policy and users in the unconfined context. It is possible to use ThinLinc with other policies and more restricted contexts, but will most likely require modifications to your policy to accommodate ThinLinc.
The local system policy will optionally be modified by
tl-setup during installation. The SELinux module and other policy changes performed can be examined in
/opt/thinlinc/share/selinux. Execute the command
/opt/thinlinc/share/selinux/install to reapply ThinLinc's policy changes.
NOTE: The ThinLinc policy module is distributed in source form and therefore requires the reference policy build environment. ThinLinc setup will attempt to install this automatically on most distributions, but you may be required to install it manually.
NOTE: The ThinLinc policy module requires reference policy support for user-based access control (UBAC). The reference SELinux policy shipped with Red Hat Enterprise Linux 5 is too old to support UBAC, making it incompatible with the ThinLinc policy module.
ThinLinc can't start sessions (No agent server was available)
If ThinLinc is installed onto a partition that is mounted with the
nosuid mount option and SELinux is active, ThinLinc will fail to start user sessions. The connecting user will get an error message saying "ThinLinc login failed (No agent server was available)". The
vsmagent service will write the following errors to
subprocess: execvp: Permission denied tl-session: tl-xinit exited with status=71
Because of the
nosuid mount option, SELinux will deny the vsmagent to transition from the
thinlinc_agent_t SELinux context required for correct operation. To work around this problem, remove the
nosuid mount option from the partition where ThinLinc is installed and restart the
Crashing Firefox tabs
On some systems a bug in the default policy settings prevent Firefox 52 ESR from working correctly. All tabs will simply show
Gah. Your tab just crashed.. Either a newer version of Firefox must be used, or the local policy must be set to be less restrictive:
$ sudo setsebool -P unconfined_mozilla_plugin_transition off