The following information relates to installation of ThinLinc on an SELinux-enabled platform.
ThinLinc is designed to run with reference SELinux policy and users in the unconfined context. It is possible to use ThinLinc with other policies and more restricted contexts, but will most likely require modifications to your policy to accommodate ThinLinc.
The local system policy will optionally be modified by
tl-setup during installation. The SELinux module and other policy changes performed can be examined in
/opt/thinlinc/share/selinux. Execute the command
/opt/thinlinc/share/selinux/install to reapply ThinLinc's policy changes.
NOTE: The ThinLinc policy module is distributed in source form and therefore requires the reference policy build environment. ThinLinc setup will attempt to install this automatically on most distributions, but you may be required to install it manually.
ThinLinc can't start sessions (No agent server was available)
If ThinLinc is installed onto a partition that is mounted with the
nosuid mount option and SELinux is active, ThinLinc will fail to start user sessions. The connecting user will get an error message saying "ThinLinc login failed (No agent server was available)". The
vsmagent service will write the following errors to
subprocess: execvp: Permission denied tl-session: tl-xinit exited with status=71
Because of the
nosuid mount option, SELinux will deny the vsmagent to transition from the
thinlinc_agent_t SELinux context required for correct operation. To work around this problem, remove the
nosuid mount option from the partition where ThinLinc is installed and restart the