Citrix Reciever and SELinux

Hi Internet,

sorry for the longtime being absent from this blog. But marriage and a child takes time and the blog was the first to go. But I will restart writing blog posts today with a project I started a couple of days ago.

Selinux and the Citrix Reciever

I have to use the Citrix Reciever to access the Citrix farm in our company. This is the only way to access the company network remotely. But I don’t like to run it as unconfined_t on my Fedora 25. So I sat down and created a selinux modules to limit the access of this close source software on my system. In the process I found that it tries to read the mozilla profile and other stuff that I didn’t like and I therefore disabled this. The code is available on GitHub. Simply install the citrix reciever with the rpm from the Citrix website.

This is only a fast and dirty solution. If you want to clean in up, I look forward to it. If I have time I will clean in up, but maybe someone is faster then me (aka. has more sparetime) 😉

I will not give ANY waranty. If it breaks for you it is your problem.

After the installation of Citirx you can run it like this.

sudo dnf install make selinux-policy-devel
git clone https://github.com/JensKuehnel/selinux-citrixreciever.git
cd selinux-citrixrecievermakesudo 
make load
sudo restorecon -Rv /opt/Citrix/

It works for me, if you run into any problems tell me. I have a dontaudit rule against accessing mozilla_home_t. It still runs perfectly for me.

Next things on my selinux list is tlp-thinkpad. To put selinux rule in for tlp to run with akmod-acpi_call from the TLP Website.

This entry was posted in Fedora, Linux and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

one + eleven =