sorry for the longtime being absent from this blog. But marriage and a child takes time and the blog was the first to go. But I will restart writing blog posts today with a project I started a couple of days ago.
Selinux and the Citrix Reciever
I have to use the Citrix Reciever to access the Citrix farm in our company. This is the only way to access the company network remotely. But I don’t like to run it as unconfined_t on my Fedora 25. So I sat down and created a selinux modules to limit the access of this close source software on my system. In the process I found that it tries to read the mozilla profile and other stuff that I didn’t like and I therefore disabled this. The code is available on GitHub. Simply install the citrix reciever with the rpm from the Citrix website.
This is only a fast and dirty solution. If you want to clean in up, I look forward to it. If I have time I will clean in up, but maybe someone is faster then me (aka. has more sparetime) 😉
I will not give ANY waranty. If it breaks for you it is your problem.
After the installation of Citirx you can run it like this.
sudo dnf install make selinux-policy-devel git clone https://github.com/JensKuehnel/selinux-citrixreciever.git cd selinux-citrixrecievermakesudo make load sudo restorecon -Rv /opt/Citrix/
It works for me, if you run into any problems tell me. I have a dontaudit rule against accessing mozilla_home_t. It still runs perfectly for me.
Next things on my selinux list is tlp-thinkpad. To put selinux rule in for tlp to run with akmod-acpi_call from the TLP Website.