From 0549b84bd7fc9e9d083e8737f04d475484929cee Mon Sep 17 00:00:00 2001 From: fufesou Date: Sat, 21 Oct 2023 23:38:41 +0800 Subject: [PATCH] selinux, check /var/log/audit/audit.log to see if there's any deny Signed-off-by: fufesou --- content/client/linux/_index.en.md | 12 +++++++++--- content/client/linux/_index.zh-cn.md | 11 ++++++++--- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/content/client/linux/_index.en.md b/content/client/linux/_index.en.md index 6eeae4d..b045f8f 100755 --- a/content/client/linux/_index.en.md +++ b/content/client/linux/_index.en.md @@ -55,7 +55,13 @@ Please **reboot** to make above changes taking effect. #### Permissions Issue -If you find that RustDesk's --server process is not running, that is, there is no output when executing `ps -ef | grep -E 'rustdesk +--server'`. -Then it's probably a permissions issue. +If SELinux is enabled, RustDesk will not work properly in either X11 or Wayland environments. -Please refer to [SELinux](./selinux/) for adding SELinux policies. +You can run: + +```bash +$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1 +type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0 +``` + +If the output contains `avc: denied`, you need to add SElinux policies, please refer to [SELinux](./selinux/). diff --git a/content/client/linux/_index.zh-cn.md b/content/client/linux/_index.zh-cn.md index a32de91..ea813c5 100755 --- a/content/client/linux/_index.zh-cn.md +++ b/content/client/linux/_index.zh-cn.md @@ -57,8 +57,13 @@ RustDesk 现在有实验性的 Wayland 支持,您可能需要下载 [nightly v #### 权限问题 -如果您发现 RustDesk 的 --server 进程没有启动,即执行 `ps -ef | grep -E 'rustdesk +--server'` 没有输出。 -那么很可能是权限问题。 +如果启用了 SELinux ,那么无论是 X11 环境 还是 Wayland 环境, RustDesk 都无法正常工作。 +您可以运行如下命令: -SELinux 权限添加请参考[SELinux](./selinux/)。 +```bash +$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1 +type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0 +``` + +如果有 `avc: denied` 的输出,则需要添加 SElinux 策略,请参考[SELinux](./selinux/)。