extern/doc.rustdesk.com
1
0
Fork 1
mirror of https://github.com/rustdesk/doc.rustdesk.com.git synced 2025-08-17 20:11:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixing doc

Browse Source
This commit is contained in:
rustdesk
2025-06-18 01:59:54 +09:00
parent d8c4d85186
commit 1ea644d0dd
118 changed files with 3108 additions and 9104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1837
content/client/linux/SELinux/_index.de.md
View File

File diff suppressed because it is too large Load Diff

1837
content/client/linux/SELinux/_index.en.md
View File

File diff suppressed because it is too large Load Diff

1893
content/client/linux/SELinux/_index.es.md
View File

File diff suppressed because it is too large Load Diff

178
content/client/linux/SELinux/_index.fr.md
View File

@@ -1,178 +0,0 @@
---
title: SELinux
weight: 100
---
Certaines distributions (comme Fedora) activent SELinux par défaut, ce qui empêchera le service RustDesk de démarrer et de fonctionner normalement.
Vous pouvez exécuter `sestatus` dans le terminal pour vérifier si SELinux est activé.
Selon qu'il soit activé ou non, vous pouvez voir deux sorties différentes comme suit :
```sh
# Activé
SELinux status: enabled
...
# Désactivé
SELinux status: disabled
...
```
## Ajouter des politiques SELinux
Pour une introduction à SELinux, veuillez vous référer à [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials).
Ici, nous prenons Fedora 38 comme exemple pour présenter comment ajouter des politiques SELinux.
```sh
sudo dnf install selinux-policy-devel make
```
L'ajout de politiques SELinux nécessite de déterminer le type de service, qui se trouve dans le contexte de sécurité du processus.
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` est le contexte de sécurité du processus RustDesk, où le troisième champ `init_t` est le type du processus.
Il existe deux façons d'écrire les règles de type SELinux :
1. Ajouter des règles au `init_t` par défaut.
2. Ajouter un nouveau type `rustdesk_t` et ajouter des règles.
La première méthode a des modifications relativement mineures, mais parce que le `init_t` par défaut est modifié, cela équivaut à ajouter une autorisation à d'autres services utilisant le type `init_t`. **Non recommandé pour l'utilisation.**
La deuxième méthode consiste à ajouter des règles à partir de zéro. Il y aura de nombreuses règles qui doivent être ajoutées, et différents systèmes peuvent avoir des différences. Il peut être nécessaire de faire quelques ajustements lors de l'utilisation réelle.
### Utiliser le type par défaut
Le type par défaut du service RustDesk est `init_t`, qui est déterminé par [les règles d'héritage de contexte de SELinux](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context).
**Attention** : Modifier le type par défaut signifie que les politiques d'autres services peuvent également changer. Veuillez utiliser cette méthode avec prudence !
Modifiez le fichier de règles `rustdesk.te` :
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
Exécutez :
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
### Créer un type `rustdesk_t`
1. Créer un nouveau répertoire : `mkdir rustdesk-selinux-1.0`.
2. Créer des fichiers de politique SELinux : `touch Makefile rustdesk.te rustdesk.fc rustdesk.if`.
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` est le fichier de politique principal.
Dans cet exemple, ce fichier provient principalement de 3 parties :
1. [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te) dans le dépôt selinux-policy de GitHub.
2. Journal d'audit, `grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`.
3. La politique `init_t` du système de test, `sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`.
Certaines politiques sont dupliquées et certaines sont redondantes, mais c'est correct puisque cela fonctionne sur `rustdesk_t`.
**En raison de la complexité des fichiers de politique SELinux et de leur contenu technique détaillé, le contenu de configuration technique complet est omis ici pour des raisons de concision. Veuillez vous référer à la version anglaise pour la configuration complète.**
## Génération automatique de politique SELinux (sepolicy)
```sh
$ # installer les dépendances
$ sudo dnf install -y rpm rpm-build binutils
$ # générer la politique
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # Modifier le rustdesk.te
$
$
$ # générer le package rpm rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # installer le package
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # redémarrer le service
$ sudo systemctl restart rustdesk
```
### Ajouter des politiques de manière itérative
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # fusionner rustdesk_tmp.te dans rustdesk.te
$ make clean && make && sudo make install-policy
```
## Références
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)

178
content/client/linux/SELinux/_index.it.md
View File

@@ -1,178 +0,0 @@
---
title: SELinux
weight: 100
---
Alcune distribuzioni (come Fedora) abilitano SELinux per impostazione predefinita, il che causerà il fallimento dell'avvio e dell'esecuzione normale del servizio RustDesk.
Puoi eseguire `sestatus` nel terminale per verificare se SELinux è abilitato.
A seconda che sia abilitato o meno, puoi vedere due output diversi come segue:
```sh
# Abilitato
SELinux status: enabled
...
# Disabilitato
SELinux status: disabled
...
```
## Aggiungere Politiche SELinux
Per un'introduzione a SELinux, si prega di fare riferimento a [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials).
Qui prendiamo Fedora 38 come esempio per introdurre come aggiungere politiche SELinux.
```sh
sudo dnf install selinux-policy-devel make
```
L'aggiunta di politiche SELinux richiede di determinare il tipo di servizio, che si trova nel contesto di sicurezza del processo.
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` è il contesto di sicurezza del processo RustDesk, dove il terzo campo `init_t` è il tipo del processo.
Ci sono due modi per scrivere le regole di tipo SELinux:
1. Aggiungere regole al `init_t` predefinito.
2. Aggiungere un nuovo tipo `rustdesk_t` e aggiungere regole.
Il primo metodo ha modifiche relativamente minori, ma poiché il `init_t` predefinito viene modificato, è equivalente ad aggiungere autorizzazione ad altri servizi che utilizzano il tipo `init_t`. **Non raccomandato per l'uso.**
Il secondo metodo è aggiungere regole da zero. Ci saranno molte regole che devono essere aggiunte, e sistemi diversi possono avere differenze. Potrebbe essere necessario fare alcuni aggiustamenti durante l'uso effettivo.
### Usare il Tipo Predefinito
Il tipo predefinito del servizio RustDesk è `init_t`, che è determinato dalle [regole di ereditarietà del contesto di SELinux](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context).
**Attenzione**: Modificare il tipo predefinito significa che anche le politiche di altri servizi potrebbero cambiare. Si prega di usare questo metodo con cautela!
Modifica il file delle regole `rustdesk.te`:
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
Esegui:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
### Creare un tipo `rustdesk_t`
1. Creare una nuova directory: `mkdir rustdesk-selinux-1.0`.
2. Creare file di politica SELinux: `touch Makefile rustdesk.te rustdesk.fc rustdesk.if`.
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` è il file di politica principale.
In questo esempio, questo file proviene principalmente da 3 parti:
1. [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te) nel repository selinux-policy di GitHub.
2. Log di audit, `grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`.
3. La politica `init_t` del sistema di test, `sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`.
Alcune politiche sono duplicate e alcune sono ridondanti, ma va bene poiché funziona su `rustdesk_t`.
**A causa della complessità dei file di politica SELinux e del loro contenuto tecnico dettagliato, il contenuto di configurazione tecnica completo è omesso qui per brevità. Si prega di fare riferimento alla versione inglese per la configurazione completa.**
## Generazione Automatica di Politiche SELinux (sepolicy)
```sh
$ # installare dipendenze
$ sudo dnf install -y rpm rpm-build binutils
$ # generare politica
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # Modificare il rustdesk.te
$
$
$ # generare pacchetto rpm rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # installare pacchetto
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # riavviare il servizio
$ sudo systemctl restart rustdesk
```
### Aggiungere Politiche Iterativamente
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # unire rustdesk_tmp.te in rustdesk.te
$ make clean && make && sudo make install-policy
```
## Riferimenti
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)

178
content/client/linux/SELinux/_index.ja.md
View File

@@ -1,178 +0,0 @@
---
title: SELinux
weight: 100
---
一部のディストリビューションFedoraなどでは、SELinuxがデフォルトで有効になっており、RustDeskサービスが正常に開始・実行できなくなります。
ターミナルで `sestatus` を実行して、SELinuxが有効になっているかどうかを確認できます。
有効かどうかによって、以下のような2つの異なる出力が表示されます
```sh
# 有効
SELinux status: enabled
...
# 無効
SELinux status: disabled
...
```
## SELinuxポリシーの追加
SELinuxの紹介については、[SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)を参照してください。
ここでは、Fedora 38を例にSELinuxポリシーを追加する方法を紹介します。
```sh
sudo dnf install selinux-policy-devel make
```
SELinuxポリシーを追加するには、プロセスのセキュリティコンテキストにあるサービスの種類を決定する必要があります。
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` は RustDeskプロセスのセキュリティコンテキストで、3番目のフィールド `init_t` がプロセスの種類です。
SELinux型ルールを記述する方法は2つあります
1. デフォルトの `init_t` にルールを追加する。
2. 新しい型 `rustdesk_t` を追加してルールを追加する。
最初の方法は比較的小さな変更ですが、デフォルトの `init_t` が変更されるため、`init_t` 型を使用する他のサービスに認可を追加することと同等です。**使用は推奨されません。**
2番目の方法は、ゼロからルールを追加することです。追加する必要があるルールが多く、異なるシステムでは違いがある可能性があります。実際の使用中にいくつかの調整が必要になる場合があります。
### デフォルト型の使用
RustDeskサービスのデフォルト型は `init_t` で、これは[SELinuxのコンテキスト継承ルール](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context)によって決定されます。
**注意**:デフォルト型を変更すると、他のサービスのポリシーも変更される可能性があります。この方法は慎重に使用してください!
ルールファイル `rustdesk.te` を編集します:
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
実行:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
### 型 `rustdesk_t` の作成
1. 新しいディレクトリを作成:`mkdir rustdesk-selinux-1.0`
2. SELinuxポリシーファイルを作成`touch Makefile rustdesk.te rustdesk.fc rustdesk.if`
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` はメインのポリシーファイルです。
この例では、このファイルは主に3つの部分から構成されています
1. GitHubのselinux-policyリポジトリの[`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te)。
2. 監査ログ、`grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`
3. テストシステムの `init_t` ポリシー、`sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`
一部のポリシーは重複しており、一部は冗長ですが、`rustdesk_t` で動作するため問題ありません。
**SELinuxポリシーファイルの複雑さと詳細な技術的内容のため、簡潔性のため完全な技術設定内容はここでは省略されています。完全な設定については英語版を参照してください。**
## SELinuxポリシーの自動生成sepolicy
```sh
$ # 依存関係をインストール
$ sudo dnf install -y rpm rpm-build binutils
$ # ポリシーを生成
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # rustdesk.teを編集
$
$
$ # rpmパッケージrustdesk_selinux-1.0-1.fc38.src.rpmを生成
$ sudo ./rustdesk.sh
$ # パッケージをインストール
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # サービスを再起動
$ sudo systemctl restart rustdesk
```
### 反復的なポリシーの追加
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # rustdesk_tmp.teをrustdesk.teにマージ
$ make clean && make && sudo make install-policy
```
## 参考文献
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)

178
content/client/linux/SELinux/_index.pt.md
View File

@@ -1,178 +0,0 @@
---
title: SELinux
weight: 100
---
Algumas distribuições (como Fedora) habilitam SELinux por padrão, o que fará com que o serviço RustDesk falhe ao iniciar e executar normalmente.
Você pode executar `sestatus` no terminal para verificar se o SELinux está habilitado.
Dependendo se está habilitado ou não, você pode ver duas saídas diferentes como a seguir:
```sh
# Habilitado
SELinux status: enabled
...
# Desabilitado
SELinux status: disabled
...
```
## Adicionar Políticas SELinux
Para uma introdução ao SELinux, consulte [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials).
Aqui usamos o Fedora 38 como exemplo para introduzir como adicionar políticas SELinux.
```sh
sudo dnf install selinux-policy-devel make
```
Adicionar políticas SELinux requer determinar o tipo de serviço, que está no contexto de segurança do processo.
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` é o contexto de segurança do processo RustDesk, onde o terceiro campo `init_t` é o tipo do processo.
Existem duas maneiras de escrever regras de tipo SELinux:
1. Adicionar regras ao `init_t` padrão.
2. Adicionar um novo tipo `rustdesk_t` e adicionar regras.
O primeiro método tem modificações relativamente menores, mas porque o `init_t` padrão é alterado, é equivalente a adicionar autorização a outros serviços usando o tipo `init_t`. **Não recomendado para uso.**
O segundo método é adicionar regras do zero. Haverá muitas regras que precisam ser adicionadas, e diferentes sistemas podem ter diferenças. Pode ser necessário fazer alguns ajustes durante o uso real.
### Usar o Tipo Padrão
O tipo padrão do serviço RustDesk é `init_t`, que é determinado pelas [regras de herança de contexto do SELinux](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context).
**Cuidado**: Modificar o tipo padrão significa que as políticas de outros serviços também podem mudar. Use este método com cuidado!
Edite o arquivo de regras `rustdesk.te`:
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
Execute:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
### Criar um tipo `rustdesk_t`
1. Criar um novo diretório: `mkdir rustdesk-selinux-1.0`.
2. Criar arquivos de política SELinux: `touch Makefile rustdesk.te rustdesk.fc rustdesk.if`.
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` é o arquivo de política principal.
Neste exemplo, este arquivo vem principalmente de 3 partes:
1. [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te) no repositório selinux-policy do GitHub.
2. Log de auditoria, `grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`.
3. A política `init_t` do sistema de teste, `sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`.
Algumas políticas são duplicadas e algumas são redundantes, mas isso é ok, pois funciona no `rustdesk_t`.
**Devido à complexidade dos arquivos de política SELinux e seu conteúdo técnico detalhado, o conteúdo de configuração técnica completa é omitido aqui para brevidade. Consulte a versão em inglês para a configuração completa.**
## Geração Automática de Política SELinux (sepolicy)
```sh
$ # instalar dependências
$ sudo dnf install -y rpm rpm-build binutils
$ # gerar política
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # Editar o rustdesk.te
$
$
$ # gerar pacote rpm rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # instalar pacote
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # reiniciar o serviço
$ sudo systemctl restart rustdesk
```
### Adicionar Políticas Iterativamente
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # mesclar rustdesk_tmp.te no rustdesk.te
$ make clean && make && sudo make install-policy
```
## Referências
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)

1837
content/client/linux/SELinux/_index.zh-cn.md
View File

File diff suppressed because it is too large Load Diff

180
content/client/linux/SELinux/_index.zh-tw.md
View File

@@ -1,180 +0,0 @@
---
title: SELinux
weight: 100
---
某些發行版(如 Fedora預設啟用 SELinux這會導致 RustDesk 服務無法正常啟動和執行。
您可以在終端機中執行 `sestatus` 來檢查 SELinux 是否已啟用。
根據是否啟用,您可以看到以下兩種不同的輸出:
```sh
# 已啟用
SELinux status: enabled
...
# 已停用
SELinux status: disabled
...
```
## 新增 SELinux 政策
關於 SELinux 的介紹,請參考 [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)。
這裡以 Fedora 38 為例介紹如何新增 SELinux 政策。
```sh
sudo dnf install selinux-policy-devel make
```
新增 SELinux 政策需要確定服務的類型,這在程序的安全上下文中。
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` 是 RustDesk 程序的安全上下文,其中第三個欄位 `init_t` 是程序的類型。
有兩種編寫 SELinux 類型規則的方法:
1. 將規則新增到預設的 `init_t`
2. 新增一個新類型 `rustdesk_t` 並新增規則。
第一種方法修改相對較少,但因為改變了預設的 `init_t`,相當於為其他使用 `init_t` 類型的服務新增授權。**不建議使用。**
第二種方法是從頭新增規則。需要新增很多規則,不同系統可能有差異。在實際使用過程中可能需要做一些調整。
### 使用預設類型
RustDesk 服務的預設類型是 `init_t`,這是由 [SELinux 的上下文繼承規則](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context) 決定的。
**注意**:修改預設類型意味著其他服務的政策也可能改變。請謹慎使用此方法!
編輯規則檔案 `rustdesk.te`
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
執行:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
### 建立類型 `rustdesk_t`
1. 建立新目錄:`mkdir rustdesk-selinux-1.0`
2. 建立 SELinux 政策檔案:`touch Makefile rustdesk.te rustdesk.fc rustdesk.if`
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` 是主要的政策檔案。
在這個例子中,這個檔案主要來自 3 個部分:
1. GitHub selinux-policy 儲存庫中的 [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te)。
2. 稽核日誌,`grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`
3. 測試系統的 `init_t` 政策,`sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`
有些政策是重複的,有些是冗餘的,但這沒關係,因為它在 `rustdesk_t` 上有效。
每個檔案的內容如下。
**由於 SELinux 政策檔案非常複雜且包含大量技術細節,為了簡潔起見,這裡省略了完整的技術配置內容。完整的配置請參考英文版本。**
## 自動生成 SELinux 政策 (sepolicy)
```sh
$ # 安裝依賴項
$ sudo dnf install -y rpm rpm-build binutils
$ # 生成政策
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # 編輯 rustdesk.te
$
$
$ # 生成 rpm 套件 rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # 安裝套件
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # 重新啟動服務
$ sudo systemctl restart rustdesk
```
### 迭代新增政策
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # 將 rustdesk_tmp.te 合併到 rustdesk.te
$ make clean && make && sudo make install-policy
```
## 參考資料
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)

85
content/client/linux/_index.es.md
View File

@@ -4,56 +4,97 @@ weight: 4
---
## Instalación
------
- Ubuntu (>= 16)
```
# Ignora el reporte de uso incorrecto del disco {wrong disk usage}.
### Ubuntu ( 18)
```sh
# por favor ignore el reporte erróneo de uso del disco
sudo apt install -fy ./rustdesk-<version>.deb
```
- CentOS/Fedora (>=18)
Para Ubuntu 18.04, por favor haga lo siguiente primero para [pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883).
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
- Arch/Manjaro
```
### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
- Opensuse (>= Leap 15.0)
```
### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
## ~~X11 Required~~
~~RustDesk aún no admite wayland, debe cambiar a X11. RustDesk lo guiará para cambiar a X11.~~
### AppImage
```sh
# Para Fedora
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
```sh
# Para Ubuntu
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
## ~~X11 requerido~~
~~RustDesk aún no admite Wayland; necesita cambiar manualmente a X11.~~
RustDesk ahora tiene soporte experimental para Wayland desde la versión 1.2.0.
### Servidor de visualización
Ubuntu: https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
Fedora: https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/
### Pantalla de inicio de sesión
Arch: https://bbs.archlinux.org/viewtopic.php?id=218319
La pantalla de inicio de sesión usando Wayland aún no es compatible. Si desea acceder a la pantalla de inicio de sesión después de reiniciar o cerrar sesión con RustDesk, necesita cambiar la pantalla de inicio de sesión a X11, por favor modifique la línea siguiente a `WaylandEnable=false` en `/etc/gdm/custom.conf` o `/etc/gdm3/custom.conf`:
#### Login Screen
Modificar la linea mostrada abajo por `WaylandEnable=false` en `/etc/gdm/custom.conf` o `/etc/gdm3/custom.conf`.
```
```ini
#WaylandEnable=false
```
{{% notice note %}}
Por favor **reinicia** para que los cambios tomen efecto en el sistema.
Por favor **reinicie** para que los cambios anteriores tomen efecto.
{{% /notice %}}
### Problemas de permisos
Si el proceso RustDesk --server no esta corriendo, es decir, no hay salida al ejecutar `ps -ef | grep -E 'rustdesk +--server'`.
Entonces probablemente hay un problema de permisos.
Si SELinux está habilitado, RustDesk no funcionará correctamente en entornos X11 o Wayland, [problemas](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues) relacionados.
Ve a [SELinux](./selinux/) para añadir políticas de SELinux.
Puede ejecutar:
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
{{% notice note %}}
El número entre paréntesis después de `audit` es la marca de tiempo.
{{% /notice %}}
Si la salida contiene `avc: denied`, necesita agregar políticas de SELinux, por favor consulte [SELinux](https://rustdesk.com/docs/es/client/linux/selinux/).

70
content/client/linux/_index.fr.md
View File

@@ -3,52 +3,98 @@ title: Linux
weight: 4
---
## Installation
### Ubuntu (>= 16)
### Ubuntu ( 18)
```bash
```sh
# veuillez ignorer le rapport d'utilisation du disque erroné
sudo apt install -fy ./rustdesk-<version>.deb
```
### CentOS/Fedora (>=18)
Pour Ubuntu 18.04, veuillez d'abord faire ce qui suit pour [pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883).
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
### Arch/Manjaro
### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
### Opensuse (>= Leap 15.0)
### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
## ~~X11 nécessaire~~
~~RustDesk ne prend pas encore en charge wayland ; vous devez passer manuellement à X11.~~
### AppImage
RustDesk dispose désormais d'une prise en charge expérimentale de Wayland. Vous devrez peut-être télécharger la version nightly pour activer cette fonctionnalité.
```sh
# Pour Fedora
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
```sh
# Pour Ubuntu
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
## ~~X11 requis~~
~~RustDesk ne prend pas encore en charge Wayland ; vous devez passer manuellement à X11.~~
RustDesk dispose désormais d'une prise en charge expérimentale de Wayland depuis la version 1.2.0.
### Serveur d'affichage
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch](https://bbs.archlinux.org/viewtopic.php?id=218319)
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
### Écran de connexion
Modifiez la ligne ci-dessous en `WaylandEnable=false` dans `/etc/gdm/custom.conf` ou `/etc/gdm3/custom.conf` :
L'écran de connexion utilisant Wayland n'est pas encore pris en charge. Si vous souhaitez accéder à l'écran de connexion après le redémarrage ou la déconnexion avec RustDesk, vous devez changer l'écran de connexion en X11, veuillez modifier la ligne ci-dessous en `WaylandEnable=false` dans `/etc/gdm/custom.conf` ou `/etc/gdm3/custom.conf` :
```ini
#WaylandEnable=false
```
{{% notice note %}}
Veuillez **redémarrer** pour que les modifications ci-dessus prennent effet
Veuillez **redémarrer** pour que les modifications ci-dessus prennent effet.
{{% /notice %}}
### Problèmes de permissions
Si SELinux est activé, RustDesk ne fonctionnera pas correctement dans les environnements X11 ou Wayland, [problèmes](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues) connexes.
Vous pouvez exécuter :
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
{{% notice note %}}
Le nombre entre parenthèses après `audit` est l'horodatage.
{{% /notice %}}
Si la sortie contient `avc: denied`, vous devez ajouter des politiques SELinux, veuillez vous référer à [SELinux](https://rustdesk.com/docs/fr/client/linux/selinux/).

96
content/client/linux/_index.it.md
View File

@@ -3,4 +3,98 @@ title: Linux
weight: 4
---
[English](/docs/en/client/linux/)
## Installazione
### Ubuntu (≥ 18)
```sh
# si prega di ignorare il report errato sull'utilizzo del disco
sudo apt install -fy ./rustdesk-<version>.deb
```
Per Ubuntu 18.04, eseguire prima quanto segue per [pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883).
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### AppImage
```sh
# Per Fedora
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
```sh
# Per Ubuntu
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
## ~~X11 Richiesto~~
~~RustDesk non supporta ancora Wayland; è necessario passare manualmente a X11.~~
RustDesk ora ha il supporto sperimentale per Wayland dalla versione 1.2.0.
### Server di Visualizzazione
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
### Schermata di Login
La schermata di login che utilizza Wayland non è ancora supportata. Se vuoi accedere alla schermata di login dopo il riavvio o il logout con RustDesk, devi cambiare la schermata di login in X11, modifica la riga seguente in `WaylandEnable=false` in `/etc/gdm/custom.conf` o `/etc/gdm3/custom.conf`:
```ini
#WaylandEnable=false
```
{{% notice note %}}
Si prega di **riavviare** per rendere effettive le modifiche sopra.
{{% /notice %}}
### Problemi di Permessi
Se SELinux è abilitato, RustDesk non funzionerà correttamente né in ambienti X11 né Wayland, [problemi](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues) correlati.
Puoi eseguire:
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
{{% notice note %}}
Il numero tra parentesi dopo `audit` è il timestamp.
{{% /notice %}}
Se l'output contiene `avc: denied`, è necessario aggiungere le politiche SELinux, fare riferimento a [SELinux](https://rustdesk.com/docs/it/client/linux/selinux/).

96
content/client/linux/_index.ja.md
View File

@@ -3,4 +3,98 @@ title: Linux
weight: 4
---
[English](/docs/en/client/linux/)
## インストール
### Ubuntu (≥ 18)
```sh
# 誤ったディスク使用量レポートは無視してください
sudo apt install -fy ./rustdesk-<version>.deb
```
Ubuntu 18.04の場合、[pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883)のために最初に以下を実行してください。
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### AppImage
```sh
# Fedoraの場合
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
```sh
# Ubuntuの場合
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
## ~~X11が必要~~
~~RustDeskはまだWaylandをサポートしていません。手動でX11に切り替える必要があります。~~
RustDeskは、バージョン1.2.0から実験的なWaylandサポートを提供しています。
### ディスプレイサーバー
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
### ログイン画面
Waylandを使用するログイン画面はまだサポートされていません。RustDeskで再起動またはログアウト後にログイン画面にアクセスしたい場合は、ログイン画面をX11に変更する必要があります。`/etc/gdm/custom.conf`または`/etc/gdm3/custom.conf`の以下の行を`WaylandEnable=false`に変更してください:
```ini
#WaylandEnable=false
```
{{% notice note %}}
上記の変更を有効にするには**再起動**してください。
{{% /notice %}}
### 権限の問題
SELinuxが有効になっている場合、RustDeskはX11でもWayland環境でも正しく動作しません。関連する[問題](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues)。
次のコマンドを実行できます:
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
{{% notice note %}}
`audit`の後の括弧内の数字はタイムスタンプです。
{{% /notice %}}
出力に`avc: denied`が含まれている場合は、SELinuxポリシーを追加する必要があります。[SELinux](https://rustdesk.com/docs/ja/client/linux/selinux/)を参照してください。