[FreeNX-kNX] Session startup failed (was No /usr/NX directory after "yum install freenx" and Authetication failure and nothing helped so far)

Alastair Johnson alastair at solutiontrax.com
Tue Apr 24 08:58:42 UTC 2007 

On Tuesday 24 April 2007 09:26, Thomas Pfrommer wrote:
> Hi again,
> OK now I did a complete startup after clearing everything also I had to
> clear the user nx in /etc/passwd, /etc/shadow and in the two group files
> as well. Also I got a resh sshd_config and a fresh ssh_config from a
> friend who did not mess it up.
> I gave it a next trial with the newest rpms (nx 2.1.0-19.fc6.at-386.rpm
> and freenx 0.6.0-12.fc6.at.i386.rpm)
> got the athentication --> yipiiieee!!

Good to see some  progress

> BUT the session startup failed. OK I googled again enabled loglevel=7
> in  node.conf, also I  activated ENABLE_2_0_0_BACKEND=1 as I am using
> the 2.1.0 backend.
> Hopefully you can help me with this error ....
> The nxserver.log gives following output after some successful logs (at
> least some ;-))
>
> NX> 148 Server capacity: not reached for user: lobs
> NX> 105 startsession  --link="adsl" --backingstore="1" --nodelay="1"
> --encryption="1" --cache="8M" --images="32M" --media="0"
> --session="lobsNX" --type="unix-gnome" --geometry="1024x768+208+53"
> --kbtype="query" --screeninfo="1024x768x32+render"
>
> &link=adsl&backingstore=1&nodelay=1&encryption=1&cache=8M&images=32M&media=
>0&session=lobsNX&type=unix-gnome&geometry=1024x768+208+53&kbtype=query&scree
>ninfo=1024x768x32+render&clientproto=1.5.0&user=lobs&userip=154.20.41.180&un
>iqueid=911474ED5AB68E47B7695E30C529C7E1&display=1000&host=127.0.0.1
>
> lobs at 127.0.0.1's password:
> NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
> NX> 1004 Error: NX Agent exited with exit status 1.
> NX> 105 NX> 596 Session startup failed.
> NX> 1006 Session status: closed
> NX> 700 Session id:
> localhost.phas.ubc.ca-1000-911474ED5AB68E47B7695E30C529C7E1
> NX> 705 Session display: 1000
> NX> 703 Session type: unix-gnome
> NX> 701 Proxy cookie: 820116f8ec02ff1edbdca3d7a63a45ff
> NX> 702 Proxy IP: 127.0.0.1
> NX> 706 Agent cookie: 820116f8ec02ff1edbdca3d7a63a45ff
> NX> 704 Session cache: unix-gnome
> NX> 707 SSL tunneling: 1
> NX> 1001 Bye.
>
> Then I activated the SESSION_LOG_CLEAN=0
> and session in home/.nx/F-C<session ID>/ gives following error message
> (there is no "error"-file):
>
> /usr/libexec/nx/nxagent: error while loading shared libraries:
> /usr/lib/nx/libXcomp.so.2: cannot restore segment prot after reloc:
> Permission denied

Not seen this one before.

> Hm this is the directory:
> [root at localhost nx]# ls -l libXc*
> -rwxr-xr-x 1 root root   80020 Mar  4 13:03 libXcompext.so.2
> -rwxr-xr-x 1 root root   80024 Mar  4 13:03 libXcompext.so.2.1.0
> -rwxr-xr-x 1 root root 1108200 Mar  4 13:03 libXcomp.so.2
> -rwxr-xr-x 1 root root 1108204 Mar  4 13:03 libXcomp.so.2.1.0
>
> Should I change the permissions? chmod chown?

Should be fine as they are

> In case it is important 
> (?): The end of my /var/log/messages looks like the follwing:
>
> Apr 23 23:23:03 localhost restorecond: Will not restore a file with more
> than one hard link (/etc/resolv.conf) No such file or directory
> Apr 23 23:25:18 localhost dhclient: DHCPREQUEST on eth0 to
> 142.103.234.100 port 67
> Apr 23 23:25:18 localhost dhclient: DHCPACK from 142.103.234.100
> Apr 23 23:25:18 localhost dhclient: bound to 142.103.234.64 -- renewal
> in 1353 seconds.
> Apr 23 23:47:51 localhost dhclient: DHCPREQUEST on eth0 to
> 142.103.234.100 port 67
> Apr 23 23:47:52 localhost dhclient: DHCPACK from 142.103.234.100
> Apr 23 23:47:52 localhost dhclient: bound to 142.103.234.64 -- renewal
> in 1627 seconds.
> Apr 23 23:59:19 localhost kernel: audit(1177397959.569:4): avc:  denied
> { execmod } for  pid=6547 comm="nxagent" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 23 23:59:19 localhost kernel: audit(1177397959.739:5): avc:  denied
> { execmod } for  pid=6622 comm="xauth" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:05:47 localhost ntpd[4815]: synchronized to 137.82.1.3, stratum 2
> Apr 24 00:14:59 localhost dhclient: DHCPREQUEST on eth0 to
> 142.103.234.100 port 67
> Apr 24 00:14:59 localhost dhclient: DHCPACK from 142.103.234.100
> Apr 24 00:14:59 localhost dhclient: bound to 142.103.234.64 -- renewal
> in 1705 seconds.
> Apr 24 00:15:37 localhost kernel: audit(1177398937.299:6): avc:  denied
> { execmod } for  pid=7183 comm="nxagent" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:15:37 localhost kernel: audit(1177398937.501:7): avc:  denied
> { execmod } for  pid=7267 comm="xauth" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:21:16 localhost kernel: audit(1177399276.055:8): avc:  denied
> { execmod } for  pid=7802 comm="nxagent" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:21:16 localhost kernel: audit(1177399276.245:9): avc:  denied
> { execmod } for  pid=7886 comm="xauth" name="libXcomp.so.2" dev=dm-0
> ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:23:10 localhost kernel: audit(1177399390.821:10): avc:
> denied  { execmod } for  pid=8364 comm="nxagent" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:23:10 localhost kernel: audit(1177399390.888:11): avc:
> denied  { execmod } for  pid=8396 comm="xauth" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:32:54 localhost kernel: audit(1177399974.042:12): avc:
> denied  { execmod } for  pid=8931 comm="nxagent" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:32:54 localhost kernel: audit(1177399974.233:13): avc:
> denied  { execmod } for  pid=9015 comm="xauth" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:40:05 localhost ntpd[4815]: synchronized to LOCAL(0), stratum 10
> Apr 24 00:43:24 localhost dhclient: DHCPREQUEST on eth0 to
> 142.103.234.100 port 67
> Apr 24 00:43:24 localhost dhclient: DHCPACK from 142.103.234.100
> Apr 24 00:43:24 localhost dhclient: bound to 142.103.234.64 -- renewal
> in 1701 seconds.
> Apr 24 00:47:53 localhost kernel: audit(1177400873.632:14): avc:
> denied  { execmod } for  pid=9577 comm="nxagent" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 00:47:53 localhost kernel: audit(1177400873.756:15): avc:
> denied  { execmod } for  pid=9628 comm="xauth" name="libXcomp.so.2"
> dev=dm-0 ino=1569653 scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:lib_t:s0 tclass=file
> Apr 24 01:11:45 localhost dhclient: DHCPREQUEST on eth0 to
> 142.103.234.100 port 67
> Apr 24 01:11:45 localhost dhclient: DHCPACK from 142.103.234.100
> Apr 24 01:11:45 localhost dhclient: bound to 142.103.234.64 -- renewal
> in 1728 seconds.

Hmm...wlid guess here, but do you have SElinux enabled? When it blocks 
something it usually looks like a permissions problem. FC6 enables it by 
default. You can temporarily disable it using:
	setenforce 0
If it starts working after that then it's an SElinux policy problem. The 
simple answer then would be to change the settings in /etc/selinux/config. 
The harder but better answer would be to change the selinux policy to allow 
it to work - just don't ask me how ;-) FC6 is supposed to have tools to make 
it easy, but I've not used them.

> Thanks already for all your suggestions up to now. It seems i am getting
> closer ....
> By the way, NoMachine seems to support shadowing sessions (and also
> transfering the actual real display) with there new server version 3.0.
> Is there plans to implement such a feature in freenx in the near future
> as well?
>
> Thanks a lot
> Cheers
> Thomas
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/
>
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________

More information about the FreeNX-kNX mailing list