full translation

rustdesk
2025-06-14 21:21:30 +08:00
parent 7b128fba05
commit 22c2b2350a
287 changed files with 26657 additions and 4884 deletions

@@ -0,0 +1,178 @@
---
title: SELinux
weight: 100
---
Certaines distributions (comme Fedora) activent SELinux par défaut, ce qui empêchera le service RustDesk de démarrer et de fonctionner normalement.
Vous pouvez exécuter `sestatus` dans le terminal pour vérifier si SELinux est activé.
Selon qu'il soit activé ou non, vous pouvez voir deux sorties différentes comme suit :
```sh
# Activé
SELinux status: enabled
...
# Désactivé
SELinux status: disabled
...
```
### Ajouter des politiques SELinux
Pour une introduction à SELinux, veuillez vous référer à [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials).
Ici, nous prenons Fedora 38 comme exemple pour présenter comment ajouter des politiques SELinux.
```sh
sudo dnf install selinux-policy-devel make
```
L'ajout de politiques SELinux nécessite de déterminer le type de service, qui se trouve dans le contexte de sécurité du processus.
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` est le contexte de sécurité du processus RustDesk, où le troisième champ `init_t` est le type du processus.
Il existe deux façons d'écrire les règles de type SELinux :
1. Ajouter des règles au `init_t` par défaut.
2. Ajouter un nouveau type `rustdesk_t` et ajouter des règles.
La première méthode a des modifications relativement mineures, mais parce que le `init_t` par défaut est modifié, cela équivaut à ajouter une autorisation à d'autres services utilisant le type `init_t`. **Non recommandé pour l'utilisation.**
La deuxième méthode consiste à ajouter des règles à partir de zéro. Il y aura de nombreuses règles qui doivent être ajoutées, et différents systèmes peuvent avoir des différences. Il peut être nécessaire de faire quelques ajustements lors de l'utilisation réelle.
#### Utiliser le type par défaut
Le type par défaut du service RustDesk est `init_t`, qui est déterminé par [les règles d'héritage de contexte de SELinux](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context).
**Attention** : Modifier le type par défaut signifie que les politiques d'autres services peuvent également changer. Veuillez utiliser cette méthode avec prudence !
Modifiez le fichier de règles `rustdesk.te` :
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
Exécutez :
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
#### Créer un type `rustdesk_t`
1. Créer un nouveau répertoire : `mkdir rustdesk-selinux-1.0`.
2. Créer des fichiers de politique SELinux : `touch Makefile rustdesk.te rustdesk.fc rustdesk.if`.
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` est le fichier de politique principal.
Dans cet exemple, ce fichier provient principalement de 3 parties :
1. [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te) dans le dépôt selinux-policy de GitHub.
2. Journal d'audit, `grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`.
3. La politique `init_t` du système de test, `sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`.
Certaines politiques sont dupliquées et certaines sont redondantes, mais c'est correct puisque cela fonctionne sur `rustdesk_t`.
**En raison de la complexité des fichiers de politique SELinux et de leur contenu technique détaillé, le contenu de configuration technique complet est omis ici pour des raisons de concision. Veuillez vous référer à la version anglaise pour la configuration complète.**
### Génération automatique de politique SELinux (sepolicy)
```sh
$ # installer les dépendances
$ sudo dnf install -y rpm rpm-build binutils
$ # générer la politique
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # Modifier le rustdesk.te
$
$
$ # générer le package rpm rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # installer le package
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # redémarrer le service
$ sudo systemctl restart rustdesk
```
#### Ajouter des politiques de manière itérative
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # fusionner rustdesk_tmp.te dans rustdesk.te
$ make clean && make && sudo make install-policy
```
### Références
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)
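Review bot: In the "Créer un type `rustdesk_t`" section the reader is told to create empty `Makefile`, `rustdesk.te`, `rustdesk.fc` and `rustdesk.if` files, and the bold note then says the full configuration is omitted and to see the English version, with no link to it. As translated, the only complete policy a French reader can install is the `init_t` module, which this same page marks "Non recommandé" because it widens permissions (including `execmem` and executing `sudo_exec_t` files) for every service running as `init_t`. Policy source does not need translating, so either carry the `rustdesk_t` files over verbatim or turn the note into a direct link to the corresponding section of the English SELinux page.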

@@ -0,0 +1,178 @@
---
title: SELinux
weight: 100
---
Alcune distribuzioni (come Fedora) abilitano SELinux per impostazione predefinita, il che causerà il fallimento dell'avvio e dell'esecuzione normale del servizio RustDesk.
Puoi eseguire `sestatus` nel terminale per verificare se SELinux è abilitato.
A seconda che sia abilitato o meno, puoi vedere due output diversi come segue:
```sh
# Abilitato
SELinux status: enabled
...
# Disabilitato
SELinux status: disabled
...
```
### Aggiungere Politiche SELinux
Per un'introduzione a SELinux, si prega di fare riferimento a [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials).
Qui prendiamo Fedora 38 come esempio per introdurre come aggiungere politiche SELinux.
```sh
sudo dnf install selinux-policy-devel make
```
L'aggiunta di politiche SELinux richiede di determinare il tipo di servizio, che si trova nel contesto di sicurezza del processo.
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` è il contesto di sicurezza del processo RustDesk, dove il terzo campo `init_t` è il tipo del processo.
Ci sono due modi per scrivere le regole di tipo SELinux:
1. Aggiungere regole al `init_t` predefinito.
2. Aggiungere un nuovo tipo `rustdesk_t` e aggiungere regole.
Il primo metodo ha modifiche relativamente minori, ma poiché il `init_t` predefinito viene modificato, è equivalente ad aggiungere autorizzazione ad altri servizi che utilizzano il tipo `init_t`. **Non raccomandato per l'uso.**
Il secondo metodo è aggiungere regole da zero. Ci saranno molte regole che devono essere aggiunte, e sistemi diversi possono avere differenze. Potrebbe essere necessario fare alcuni aggiustamenti durante l'uso effettivo.
#### Usare il Tipo Predefinito
Il tipo predefinito del servizio RustDesk è `init_t`, che è determinato dalle [regole di ereditarietà del contesto di SELinux](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context).
**Attenzione**: Modificare il tipo predefinito significa che anche le politiche di altri servizi potrebbero cambiare. Si prega di usare questo metodo con cautela!
Modifica il file delle regole `rustdesk.te`:
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
Esegui:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
#### Creare un tipo `rustdesk_t`
1. Creare una nuova directory: `mkdir rustdesk-selinux-1.0`.
2. Creare file di politica SELinux: `touch Makefile rustdesk.te rustdesk.fc rustdesk.if`.
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` è il file di politica principale.
In questo esempio, questo file proviene principalmente da 3 parti:
1. [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te) nel repository selinux-policy di GitHub.
2. Log di audit, `grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`.
3. La politica `init_t` del sistema di test, `sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`.
Alcune politiche sono duplicate e alcune sono ridondanti, ma va bene poiché funziona su `rustdesk_t`.
**A causa della complessità dei file di politica SELinux e del loro contenuto tecnico dettagliato, il contenuto di configurazione tecnica completo è omesso qui per brevità. Si prega di fare riferimento alla versione inglese per la configurazione completa.**
### Generazione Automatica di Politiche SELinux (sepolicy)
```sh
$ # installare dipendenze
$ sudo dnf install -y rpm rpm-build binutils
$ # generare politica
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # Modificare il rustdesk.te
$
$
$ # generare pacchetto rpm rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # installare pacchetto
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # riavviare il servizio
$ sudo systemctl restart rustdesk
```
#### Aggiungere Politiche Iterativamente
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # unire rustdesk_tmp.te in rustdesk.te
$ make clean && make && sudo make install-policy
```
### Riferimenti
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)
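Review bot: The install step in the sepolicy block, `sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm`, names a source package. A `.src.rpm` carries the spec and sources for a rebuild and does not load the policy module, so the `systemctl restart rustdesk` that follows would run against an unchanged policy. Please check what `rustdesk.sh` actually produces and point this command, and the comment above `sudo ./rustdesk.sh`, at the binary policy RPM; the same line appears in the other SELinux translations in this commit.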

@@ -0,0 +1,178 @@
---
title: SELinux
weight: 100
---
一部のディストリビューションFedoraなどでは、SELinuxがデフォルトで有効になっており、RustDeskサービスが正常に開始・実行できなくなります。
ターミナルで `sestatus` を実行して、SELinuxが有効になっているかどうかを確認できます。
有効かどうかによって、以下のような2つの異なる出力が表示されます
```sh
# 有効
SELinux status: enabled
...
# 無効
SELinux status: disabled
...
```
### SELinuxポリシーの追加
SELinuxの紹介については、[SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)を参照してください。
ここでは、Fedora 38を例にSELinuxポリシーを追加する方法を紹介します。
```sh
sudo dnf install selinux-policy-devel make
```
SELinuxポリシーを追加するには、プロセスのセキュリティコンテキストにあるサービスの種類を決定する必要があります。
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` は RustDeskプロセスのセキュリティコンテキストで、3番目のフィールド `init_t` がプロセスの種類です。
SELinux型ルールを記述する方法は2つあります
1. デフォルトの `init_t` にルールを追加する。
2. 新しい型 `rustdesk_t` を追加してルールを追加する。
最初の方法は比較的小さな変更ですが、デフォルトの `init_t` が変更されるため、`init_t` 型を使用する他のサービスに認可を追加することと同等です。**使用は推奨されません。**
2番目の方法は、ゼロからルールを追加することです。追加する必要があるルールが多く、異なるシステムでは違いがある可能性があります。実際の使用中にいくつかの調整が必要になる場合があります。
#### デフォルト型の使用
RustDeskサービスのデフォルト型は `init_t` で、これは[SELinuxのコンテキスト継承ルール](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context)によって決定されます。
**注意**:デフォルト型を変更すると、他のサービスのポリシーも変更される可能性があります。この方法は慎重に使用してください!
ルールファイル `rustdesk.te` を編集します:
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
実行:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
#### 型 `rustdesk_t` の作成
1. 新しいディレクトリを作成:`mkdir rustdesk-selinux-1.0`
2. SELinuxポリシーファイルを作成`touch Makefile rustdesk.te rustdesk.fc rustdesk.if`
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` はメインのポリシーファイルです。
この例では、このファイルは主に3つの部分から構成されています
1. GitHubのselinux-policyリポジトリの[`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te)。
2. 監査ログ、`grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`
3. テストシステムの `init_t` ポリシー、`sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`
一部のポリシーは重複しており、一部は冗長ですが、`rustdesk_t` で動作するため問題ありません。
**SELinuxポリシーファイルの複雑さと詳細な技術的内容のため、簡潔性のため完全な技術設定内容はここでは省略されています。完全な設定については英語版を参照してください。**
### SELinuxポリシーの自動生成sepolicy
```sh
$ # 依存関係をインストール
$ sudo dnf install -y rpm rpm-build binutils
$ # ポリシーを生成
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # rustdesk.teを編集
$
$
$ # rpmパッケージrustdesk_selinux-1.0-1.fc38.src.rpmを生成
$ sudo ./rustdesk.sh
$ # パッケージをインストール
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # サービスを再起動
$ sudo systemctl restart rustdesk
```
#### 反復的なポリシーの追加
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # rustdesk_tmp.teをrustdesk.teにマージ
$ make clean && make && sudo make install-policy
```
### 参考文献
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)
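Review bot: In the iterative block, `grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp` pipes filtered lines into `audit2allow` but also passes `-a`, which makes it read the audit log itself instead of standard input. The generated `rustdesk_tmp.te` can then contain allow rules for every denial recorded on the machine, not only those involving `rustdesk_t`, and the next step merges that file into `rustdesk.te`. Dropping `-a` so that the grep output is what gets parsed keeps the module scoped to RustDesk; the `audit2allow -a -M test` command in the `rustdesk_t` section has the same problem.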

File diff suppressed because it is too large

@@ -0,0 +1,180 @@
---
title: SELinux
weight: 100
---
某些發行版(如 Fedora預設啟用 SELinux這會導致 RustDesk 服務無法正常啟動和執行。
您可以在終端機中執行 `sestatus` 來檢查 SELinux 是否已啟用。
根據是否啟用,您可以看到以下兩種不同的輸出:
```sh
# 已啟用
SELinux status: enabled
...
# 已停用
SELinux status: disabled
...
```
### 新增 SELinux 政策
關於 SELinux 的介紹,請參考 [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)。
這裡以 Fedora 38 為例介紹如何新增 SELinux 政策。
```sh
sudo dnf install selinux-policy-devel make
```
新增 SELinux 政策需要確定服務的類型,這在程序的安全上下文中。
```sh
$ ps -eZ | grep rustdesk
system_u:system_r:init_t:s0 80439 ? 00:00:02 rustdesk
```
`system_u:system_r:init_t:s0` 是 RustDesk 程序的安全上下文,其中第三個欄位 `init_t` 是程序的類型。
有兩種編寫 SELinux 類型規則的方法:
1. 將規則新增到預設的 `init_t`
2. 新增一個新類型 `rustdesk_t` 並新增規則。
第一種方法修改相對較少,但因為改變了預設的 `init_t`,相當於為其他使用 `init_t` 類型的服務新增授權。**不建議使用。**
第二種方法是從頭新增規則。需要新增很多規則,不同系統可能有差異。在實際使用過程中可能需要做一些調整。
#### 使用預設類型
RustDesk 服務的預設類型是 `init_t`,這是由 [SELinux 的上下文繼承規則](https://wiki.gentoo.org/wiki/SELinux/Tutorials/How_does_a_process_get_into_a_certain_context) 決定的。
**注意**:修改預設類型意味著其他服務的政策也可能改變。請謹慎使用此方法!
編輯規則檔案 `rustdesk.te`
```text
module rustdesk 1.0;
require {
type event_device_t;
type xserver_t;
type xserver_port_t;
type sudo_exec_t;
type init_t;
type ephemeral_port_t;
type user_tmp_t;
type user_fonts_cache_t;
type pulseaudio_home_t;
type session_dbusd_tmp_t;
type unconfined_dbusd_t;
class process execmem;
class file { open read create write execute execute_no_trans map setattr lock link unlink };
class unix_stream_socket connectto;
class tcp_socket name_connect;
class dir { add_name remove_name };
class sock_file write;
class chr_file { open read write } ;
}
#============= init_t ==============
allow init_t xserver_t:unix_stream_socket connectto;
allow init_t sudo_exec_t:file { open read execute execute_no_trans };
allow init_t user_tmp_t:file { open write setattr };
allow init_t self:process execmem;
allow init_t user_fonts_cache_t:dir { add_name remove_name };
allow init_t user_fonts_cache_t:file { read write create open link lock unlink };
allow init_t xserver_port_t:tcp_socket name_connect;
allow init_t pulseaudio_home_t:file { read write open lock };
allow init_t session_dbusd_tmp_t:sock_file write;
allow init_t unconfined_dbusd_t:unix_stream_socket connectto;
#!!!! This AVC can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t sudo_exec_t:file map;
#============= init_t Wayland ==============
allow init_t event_device_t:chr_file { open read write };
#!!!! This AVC can be allowed using the boolean 'domain_can_mmap_files'
allow init_t user_tmp_t:file map;
```
執行:
```sh
$ checkmodule -M -m -o rustdesk.mod rustdesk.te && semodule_package -o rustdesk.pp -m rustdesk.mod && sudo semodule -i rustdesk.pp
$ sudo semodule -l | grep rustdesk
```
#### 建立類型 `rustdesk_t`
1. 建立新目錄:`mkdir rustdesk-selinux-1.0`
2. 建立 SELinux 政策檔案:`touch Makefile rustdesk.te rustdesk.fc rustdesk.if`
```text
.
├── Makefile
├── rustdesk.fc
├── rustdesk.if
└── rustdesk.te
```
`rustdesk.te` 是主要的政策檔案。
在這個例子中,這個檔案主要來自 3 個部分:
1. GitHub selinux-policy 儲存庫中的 [`init.te`](https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/system/init.te)。
2. 稽核日誌,`grep rustdesk /var/log/audit/audit.log | audit2allow -a -M test`
3. 測試系統的 `init_t` 政策,`sesearch -A | grep 'allow init_t ' | sed 's/allow init_t /allow rustdesk_t /g'`
有些政策是重複的,有些是冗餘的,但這沒關係,因為它在 `rustdesk_t` 上有效。
每個檔案的內容如下。
**由於 SELinux 政策檔案非常複雜且包含大量技術細節,為了簡潔起見,這裡省略了完整的技術配置內容。完整的配置請參考英文版本。**
### 自動生成 SELinux 政策 (sepolicy)
```sh
$ # 安裝依賴項
$ sudo dnf install -y rpm rpm-build binutils
$ # 生成政策
$ sepolicy generate --init /usr/lib/rustdesk/rustdesk
$ tree
.
├── rustdesk.fc
├── rustdesk.if
├── rustdesk_selinux.spec
├── rustdesk.sh
└── rustdesk.te
$ # 編輯 rustdesk.te
$
$
$ # 生成 rpm 套件 rustdesk_selinux-1.0-1.fc38.src.rpm
$ sudo ./rustdesk.sh
$ # 安裝套件
$ sudo dnf install -y rustdesk_selinux-1.0-1.fc38.src.rpm
$ # 重新啟動服務
$ sudo systemctl restart rustdesk
```
#### 迭代新增政策
```sh
$ cd /tmp
$ grep rustdesk_t /var/log/audit/audit.log | audit2allow -a -M rustdesk_tmp
$ cd <rustdesk-selinux-1.0>
$ # 將 rustdesk_tmp.te 合併到 rustdesk.te
$ make clean && make && sudo make install-policy
```
### 參考資料
- [SELinux/Tutorials](https://wiki.gentoo.org/wiki/SELinux/Tutorials)
- [SELinux Policy module installation](https://fedoraproject.org/wiki/SELinux/IndependentPolicy#SELinux_Policy_module_installation)
- [How to create SELinux custom policy rpm package](https://lukas-vrabec.com/index.php/2015/07/07/how-to-create-selinux-custom-policy-rpm-package/)
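Review bot: The line `每個檔案的內容如下。` ("the contents of each file are as follows") is followed directly by the bold note saying the full configuration is omitted, so the page promises file contents it never shows. This is also the only SELinux translation in the commit that carries that sentence (the hunk is 180 lines against 178 for the others). Remove the sentence or include the policy files, and link the note to the English page so that a reader of the `rustdesk_t` section is not left with the empty files created by `touch`.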

@@ -1,53 +0,0 @@
---
title: Linux
weight: 4
---
### Installatie
#### Ubuntu (>= 16)
```bash
# please ignore the wrong disk usage report
sudo apt install -fy ./rustdesk-<version>.deb
```
#### CentOS/Fedora (>=18)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
#### Arch/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
#### Opensuse (>= Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### ~~X11 Vereist~~
~~RustDesk ondersteunt wayland nog niet; u moet handmatig overschakelen naar X11.~~
RustDesk heeft nu experimentele Wayland-ondersteuning. Je moet mogelijk de nightly-versie downloaden om deze functie in te schakelen.
#### Toon Server
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch](https://bbs.archlinux.org/viewtopic.php?id=218319)
#### Login Scherm
Wijzig onderstaande regel in `WaylandEnable=false` in `/etc/gdm/custom.conf` of `/etc/gdm3/custom.conf`:
```ini
#WaylandEnable=false
```
{{% notice note %}}
**herstart** om bovenstaande wijzigingen in werking te laten treden
{{% /notice %}}

42
content/client/linux/_index.pt.md Executable file → Normal file

@@ -3,22 +3,16 @@ title: Linux
weight: 4
---
### Instalação do RustDesk
### Instalação
#### Ubuntu (≥ 18)
{{% notice note %}}
Observação: Você pode ignorar qualquer relatório incorreto de uso do disco durante a instalação.
{{% /notice %}}
```sh
# Instale o RustDesk usando o arquivo DEB
sudo apt install -fy ./rustdesk-<versão>.deb
# por favor ignore o relatório de uso de disco incorreto
sudo apt install -fy ./rustdesk-<version>.deb
```
##### Ubuntu 18.04
Devido a uma dependência do RustDesk, é necessário instalar o Pipewire antes de prosseguir. Siga as instruções abaixo para instalar o [Pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883) no Ubuntu 18.04
Para Ubuntu 18.04, faça primeiro o seguinte para [pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883).
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
@@ -52,24 +46,25 @@ sudo yum install libnsl
```
```sh
# For Ubuntu
# Para Ubuntu
sudo yum install libfuse2
./rustdesk-<versão>.AppImage
./rustdesk-<version>.AppImage
```
#### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<versão>.flatpak
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
#### Suporte Wayland
### ~~X11 Necessário~~
~~RustDesk ainda não suporta Wayland; você precisa mudar para X11 manualmente.~~
O RustDesk possui suporte experimental ao Wayland desde a versão 1.2.0.
RustDesk agora tem suporte experimental ao Wayland desde a versão 1.2.0.
#### Servidor de Exibição
#### Servidor de Display
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
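Review bot: The AppImage block now reads `# Para Ubuntu` above `sudo yum install libfuse2`; the comment was translated but the command still uses `yum`, which is not Ubuntu's package manager. Since this hunk already touches the block, change the command to `sudo apt install libfuse2` here and in the page this translation was made from.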
@@ -77,20 +72,21 @@ O RustDesk possui suporte experimental ao Wayland desde a versão 1.2.0.
#### Tela de Login
A tela de login usando Wayland ainda não é suportada. Se você deseja acessar a tela de login após reiniciar ou sair com o RustDesk, é necessário alterar a tela de login para X11. Modifique a linha abaixo para `WaylandEnable=false` em `/etc/gdm/custom.conf` ou `/etc/gdm3/custom.conf`:
A tela de login usando Wayland ainda não é suportada. Se você quiser acessar a tela de login após reiniciar ou sair com o RustDesk, você precisa alterar a tela de login para X11, por favor modifique a linha abaixo para `WaylandEnable=false` em `/etc/gdm/custom.conf` ou `/etc/gdm3/custom.conf`:
```ini
#WaylandEnable=false
```
{{% notice note %}}
É necessário reiniciar o sistema para que as alterações tenham efeito.
Por favor **reinicie** para que as alterações acima tenham efeito.
{{% /notice %}}
#### Problemas de permissão com SELinux
Se o SELinux estiver habilitado, o RustDesk não funcionará corretamente nos ambientes X11 ou Wayland. Veja os problemas [relacionados](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues) (em inglês).
#### Problema de Permissões
Você pode executar o seguinte comando para verificar se há problemas de permissão:
Se o SELinux estiver habilitado, o RustDesk não funcionará corretamente nem em ambientes X11 nem Wayland, relacionado aos [problemas](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues).
Você pode executar:
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
@@ -98,7 +94,7 @@ type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=
```
{{% notice note %}}
O número entre parênteses após `audit` é um registro de data e hora.
O número entre parênteses após `audit` é o timestamp.
{{% /notice %}}
Se a saída do comando contiver `avc: denied`, significa que há permissões negadas pelo SELinux. Para corrigir isso, você precisa adicionar políticas SELinux. Veja as instruções em [SELinux](https://rustdesk.com/docs/pt/client/linux/selinux/).
Se a saída contiver `avc: denied`, você precisa adicionar políticas do SELinux, por favor consulte [SELinux](https://rustdesk.com/docs/en/client/linux/selinux/).
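Review bot: The last changed line replaces the link to `https://rustdesk.com/docs/pt/client/linux/selinux/` with the `/docs/en/` URL, so a Portuguese reader who sees `avc: denied` is sent to the English SELinux page. If the Portuguese SELinux page still exists after this commit, keep the `/pt/` link, or use a relative link so the site resolves the language.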

@@ -1,52 +0,0 @@
---
title: Linux
weight: 4
---
### Установка
------
- Ubuntu (>= 16)
```
# игнорируйте предупреждение "wrong disk usage"
sudo apt install -fy ./rustdesk-<version>.deb
```
- CentOS/Fedora (>=18)
```
sudo yum localinstall ./rustdesk-<version>.rpm
```
- Arch/Manjaro
```
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
- Opensuse (>= Leap 15.0)
```
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### ~~X11 обязателен~~
~~RustDesk пока не поддерживает Wayland. Необходимо перейти на X11 вручную.~~
В RustDesk теперь есть экспериментальная поддержка Wayland. Возможно, вам потребуется скачать ночную версию, чтобы включить эту функцию.
#### Сервер отображения
Ubuntu: https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop
Fedora: https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/
Arch: https://bbs.archlinux.org/viewtopic.php?id=218319
##### Экран входа в систему
Измените параметр `WaylandEnable` в `/etc/gdm/custom.conf` или `/etc/gdm3/custom.conf`.
```
#WaylandEnable=false
```
{{% notice note %}}
**Перезагрузите** ваш компьютер, чтобы применить изменения
{{% /notice %}}

@@ -1,54 +0,0 @@
---
title: Linux
weight: 4
---
### Kurulum
#### Ubuntu (>= 16)
```bash
# Lütfen yanlış disk kullanım raporunu görmezden gelin
sudo apt install -fy ./rustdesk-<sürüm>.deb
```
#### CentOS/Fedora (>= 18)
```sh
sudo yum localinstall ./rustdesk-<sürüm>.rpm
```
#### Arch/Manjaro
```sh
sudo pacman -U ./rustdesk-<sürüm>.pkg.tar.zst
```
#### Opensuse (>= Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<sürüm>-suse.rpm
```
### ~~X11 Gereklidir~~
~~RustDesk henüz Wayland'ı desteklemiyor; manuel olarak X11'e geçiş yapmanız gerekiyor.~~
RustDesk artık deneysel Wayland desteğine sahip. Bu özelliği etkinleştirmek için [gece yıllık sürümünü](https://github.com/rustdesk/rustdesk/releases/tag/nightly) indirmeniz gerekebilir.
#### Ekran Sunucusu
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch](https://bbs.archlinux.org/viewtopic.php?id=218319)
#### Giriş Ekranı
Aşağıdaki satırı `/etc/gdm/custom.conf` veya `/etc/gdm3/custom.conf` içinde `WaylandEnable=false` olarak değiştirin:
```ini
#WaylandEnable=false
```
{{% notice note %}}
Yukarıdaki değişikliklerin etkili olması için lütfen **yeniden başlatın**
{{% /notice %}}

@@ -1,71 +1,100 @@
---
title: Linux
title: Linux
weight: 4
---
### 安装
#### Ubuntu (>= 16)
#### Ubuntu ( 18)
```bash
# 请忽略磁盘错误使用报告
```sh
# 请忽略错误的磁盘使用报告
sudo apt install -fy ./rustdesk-<version>.deb
```
#### CentOS/Fedora (>= 18)
对于Ubuntu 18.04,请首先为[pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883)执行以下操作。
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
#### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
#### Arch/Manjaro
#### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
#### Opensuse (>= Leap 15.0)
#### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### ~~需要 X11~~
#### AppImage
~~RustDesk 尚未支持 Wayland; 您需要手动切换到 X11。~~
```sh
# 对于Fedora
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
RustDesk 现在有实验性的 Wayland 支持,您可能需要下载 [nightly version](https://github.com/rustdesk/rustdesk/releases/tag/nightly) 来启用这一特性。
```sh
# 对于Ubuntu
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
#### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
### ~~需要X11~~
~~RustDesk尚不支持Wayland您需要手动切换到X11。~~
RustDesk从版本1.2.0开始具有实验性Wayland支持。
#### 显示服务器
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch](https://bbs.archlinux.org/viewtopic.php?id=218319)
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
#### 登屏幕
#### 登屏幕
`/etc/gdm/custom.conf``/etc/gdm3/custom.conf` 中,将如下的该行更改为 `WaylandEnable=false`
尚不支持使用Wayland的登录屏幕。如果您希望在重启或注销后使用RustDesk访问登录屏幕您需要将登录屏幕更改为X11`/etc/gdm/custom.conf``/etc/gdm3/custom.conf`中将以下行修改为`WaylandEnable=false`
```ini
#WaylandEnable=false
```
{{% notice note %}}
请**重新启动**使上述更生效
请**重**使上述更生效
{{% /notice %}}
#### 权限问题
如果启用了 SELinux ,那么无论是 X11 环境 还是 Wayland 环境 RustDesk 都无法正常工作
如果启用了SELinuxRustDesk在X11或Wayland环境中都无法正常工作,相关[问题](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues)
您可以运行如下命令
您可以运行:
```bash
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
**注意**: audit 后面括号内的数字是时间戳。
{{% notice note %}}
`audit`后括号中的数字是时间戳。
{{% /notice %}}
如果`avc: denied` 的输出,则需要添加 SElinux 策略,请参[SELinux](./selinux/)。
如果输出包含`avc: denied`,您需要添加SELinux策略请参[SELinux](https://rustdesk.com/docs/en/client/linux/selinux/)。
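Review bot: The last line of this hunk replaces the relative link `[SELinux](./selinux/)` with the absolute URL `https://rustdesk.com/docs/en/client/linux/selinux/`, so readers of this Chinese page are sent to the English SELinux guide and the link is pinned to the production host. Suggest keeping the relative `./selinux/` target so the link resolves to the SELinux page in the same language tree and still works in local previews and mirrors. If the English target is intentional, the link text should say that the destination is in English.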

View File

@@ -5,50 +5,96 @@ weight: 4
### 安裝
#### Ubuntu (>= 16)
#### Ubuntu ( 18)
```bash
# 請忽略磁碟使用錯誤回
```sh
# 請忽略錯誤的磁碟使用報
sudo apt install -fy ./rustdesk-<version>.deb
```
#### CentOS/Fedora (>=18)
對於Ubuntu 18.04,請首先為[pipewire](https://github.com/rustdesk/rustdesk/discussions/6148#discussioncomment-9295883)執行以下操作。
```sh
sudo apt install software-properties-common
sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
sudo apt update
```
#### CentOS/Fedora (≥ 28)
```sh
sudo yum localinstall ./rustdesk-<version>.rpm
```
#### Arch/Manjaro
#### Arch Linux/Manjaro
```sh
sudo pacman -U ./rustdesk-<version>.pkg.tar.zst
```
#### Opensuse (>= Leap 15.0)
#### openSUSE (≥ Leap 15.0)
```sh
sudo zypper install --allow-unsigned-rpm ./rustdesk-<version>-suse.rpm
```
### ~~需要 X11~~
~~RustDesk 尚未支援 wayland您需要手動切換至 X11。~~
#### AppImage
RustDesk 現已支援 Wayland (測試中),您可能需要下載 Nightly 版來啟用此功能。
```sh
# 對於Fedora
sudo yum install libnsl
./rustdesk-<version>.AppImage
```
```sh
# 對於Ubuntu
sudo yum install libfuse2
./rustdesk-<version>.AppImage
```
#### Flatpak
```sh
flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak --user install ./rustdesk-<version>.flatpak
flatpak run com.rustdesk.RustDesk
```
### ~~需要X11~~
~~RustDesk尚不支援Wayland您需要手動切換到X11。~~
RustDesk從版本1.2.0開始具有實驗性Wayland支援。
#### 顯示伺服器
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch](https://bbs.archlinux.org/viewtopic.php?id=218319)
[Ubuntu](https://askubuntu.com/questions/1260142/ubuntu-set-default-login-desktop) |
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/configuring-xorg-as-default-gnome-session/) |
[Arch Linux](https://bbs.archlinux.org/viewtopic.php?id=218319)
#### 登入畫面
`/etc/gdm/custom.conf``/etc/gdm3/custom.conf` 中,將該行更改為 `WaylandEnable=false`
尚不支援使用Wayland的登入畫面。如果您希望在重啟或登出後使用RustDesk存取登入畫面您需要將登入畫面更改為X11`/etc/gdm/custom.conf``/etc/gdm3/custom.conf`中將以下行修改為`WaylandEnable=false`
```ini
#WaylandEnable=false
```
{{% notice note %}}
請**重新啟動**以套用上述變更
請**重啟**以使上述更改生效。
{{% /notice %}}
#### 權限問題
如果啟用了SELinuxRustDesk在X11或Wayland環境中都無法正常工作相關[問題](https://github.com/search?q=repo%3Arustdesk%2Frustdesk+SElinux&type=issues)。
您可以執行:
```sh
$ sudo grep 'comm="rustdesk"' /var/log/audit/audit.log | tail -1
type=AVC msg=audit(1697902459.165:707): avc: denied { name_connect } for pid=31346 comm="rustdesk" dest=53330 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
```
{{% notice note %}}
`audit`後括號中的數字是時間戳記。
{{% /notice %}}
如果輸出包含`avc: denied`您需要新增SELinux策略請參閱[SELinux](https://rustdesk.com/docs/en/client/linux/selinux/)。
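Review bot: In the new AppImage section, the block commented `# 對於Ubuntu` runs `sudo yum install libfuse2`, but Ubuntu does not ship `yum`, and every other Ubuntu step in this hunk uses `apt` (`sudo apt install -fy ...`, `sudo apt update`). Suggest changing that line to `sudo apt install libfuse2` and keeping `yum` only in the Fedora block above it, otherwise a user following the Ubuntu instructions stops at a command-not-found error before the AppImage is ever launched.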