ID: AR09D00419
Applies to: NX Server Products
Added on: 2006-09-19
Last Update: 2017-11-13

How to set up a basic chroot environment for running NX node 3.5.0

The following instructions show how to run your NX node in a chroot environment built on a Fedora Core 5 distribution, using the Jailkit set of utilities built from source.
You can easily adapt this example to run NX in a jail on any other distribution, or to use the Jailkit precompiled binaries.

Please note that before proceeding with the creation of the chroot environment you need to install NX. 

More instructions on how to install NX can be found here: 

Install NX Client 3.5.0 https://www.nomachine.com/DT12I00005
Install NX Node   3.5.0 https://www.nomachine.com/DT12I00006
Install NX Server 3.5.0 https://www.nomachine.com/DT12I00007


Download, compile and install Jailkit

'Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands'.

More information about this can be found at:

http://olivier.sessink.nl/jailkit/
   

The Jailkit source code is available for download at: 

http://olivier.sessink.nl/jailkit/jailkit-2.1.tar.gz

Then you need to compile Jailkit on your machine:

# tar zxvf jailkit-2.1.tar.gz
# cd jailkit-2.1
# ./configure
# make
# make install

Then add the following NX-related entries at the end of the /etc/jailkit/jk_init.ini file. Be sure to list all the NX executables, as they may differ between versions. The example below was made for NX Node 2.0.0.

[nx]
comment = NX
executables = /usr/NX/bin/nxserver, /usr/NX/bin/nxclient, /usr/NX/bin/nxesd, /usr/NX/bin/nxkill, /usr/NX/bin/nxprint, /usr/NX/bin/nxservice, /usr/NX/bin/nxssh, /usr/NX/bin/nxagent, /usr/NX/bin/nxdesktop, /usr/NX/bin/nxnode, /usr/NX/bin/nxpasswd, /usr/NX/bin/nxsensor, /usr/NX/bin/nxspool, /usr/NX/bin/nxuexec, /usr/NX/bin/nxviewer
directories = /usr/NX
includesections = uidbasics, netbasics, logbasics, ssh, basicshell, extendedshell, chown, mount, umount, xauth, xterm, xclock, which, xfonts, expr, tee, xset, dirname, hostname, basename
devices = /dev/null

[chown]
comment = chown
executables = /bin/chown

[mount]
comment = mount
executables = /bin/mount

[umount]
comment = umount
executables = /bin/umount

[expr]
comment = expr
executables = /usr/bin/expr

[tee]
comment = tee
executables = /usr/bin/tee

[xauth]
comment = getting X authentication to work
executables = /usr/bin/xauth
regularfiles = /usr/share/X11/rgb.txt, /etc/ld.so.conf

[xset]
comment = xset
executables = /usr/bin/xset

[hostname]
comment = hostname
executables = /bin/hostname

[basename]
comment = basename
executables = /bin/basename

[dirname]
comment = dirname
executables = /usr/bin/dirname

[xterm]
comment = xterm
executables = /usr/bin/xterm
directories = /usr/share/terminfo
devices = /dev/ptmx
regularfiles = /etc/termcap

[which]
comment = which
executables = /usr/bin/which

[xfonts]
comment = xfonts
directories = /usr/share/X11/fonts


Preparing the chroot environment

Run: 
# jk_init -v /home/chrootusers nx
 
Add a user to /etc/passwd, for example 'john':
john:x:1002:100::/home/chrootusers/./home/john:/usr/sbin/jk_chrootsh 

Add the user to '/etc/shadow':
john:*:13405:0:99999:7:::

Set password for the user:
passwd john

Add the user to '/home/chrootusers/etc/passwd':
john:x:1002:100::/home/john:/bin/bash 

Add the 'users' group to '/home/chrootusers/etc/group':
users:x:100:

Create the home directory for the user:
# mkdir /home/chrootusers/home/john
# chown john:users /home/chrootusers/home/john

Create a bash init file to override the SHELL variable:
# echo "SHELL=/bin/bash" >> /home/chrootusers/home/john/.bashrc
# chown john:users /home/chrootusers/home/john/.bashrc

Change environment to your new chroot environment:
# chroot /home/chrootusers

Create tmp directory:
# mkdir /tmp
# chmod ugo+rwx /tmp/

Mount the proc filesystem:
# mkdir /proc
# mount -t proc none /proc

Mount the devpts filesystem:
# mkdir /dev/pts/
# mount -t devpts none /dev/pts

Execute the NX node setup script:
# /usr/NX/scripts/setup/nxnode --install redhat

You should now be able to start a console session as the sample user 'john' inside a chrooted environment. 

In the NX Client 3.5.0 GUI, go to the General -> Desktop panel, choose to run a Unix -> Custom session, and select 'Run the console' in the Custom - Settings -> Application panel.

Once you have verified that the NX session starts correctly, you can add further programs to your chroot environment, such as Firefox, KDE, GNOME, etc.
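
The account entries created under 'Preparing the chroot environment' have to agree between the host and the jail: same UID and GID, a home path split at the /./ marker, a group that resolves inside the jail, and a shell that exists there. The following check is an added example, not part of the original article, Jailkit or NX; the function names check_jail_user, pw_entry and demo are hypothetical, and the sample files are constructed in a scratch directory.

```sh
#!/bin/sh
# Added example (not Jailkit or NX code): cross-check a jailed user's entries.
fail() { echo "check_jail_user: $*" >&2; }

# Print the passwd entry for user $2 in file $1; a missing file prints nothing.
pw_entry() { awk -F: -v u="$2" '$1 == u { print; exit }' "$1" 2>/dev/null || :; }

# usage: check_jail_user HOST_PASSWD USER  -> prints the jail root on success
check_jail_user() {
    line=$(pw_entry "$1" "$2")
    [ -n "$line" ] || { fail "$2: no host entry"; return 1; }
    IFS=: read -r n p uid gid c home shell <<EOF
$line
EOF
    [ "$shell" = /usr/sbin/jk_chrootsh ] || { fail "$2: shell is not jk_chrootsh"; return 1; }
    case $home in
        */./*) jail=${home%%/./*}; inner=/${home#*/./} ;;  # split at the /./ marker
        *) fail "$2: home lacks the /./ jail marker"; return 1 ;;
    esac
    jline=$(pw_entry "$jail/etc/passwd" "$2")
    [ -n "$jline" ] || { fail "$2: missing from $jail/etc/passwd"; return 1; }
    IFS=: read -r n p juid jgid c jhome jshell <<EOF
$jline
EOF
    [ "$uid:$gid" = "$juid:$jgid" ] || { fail "$2: uid/gid differ in jail"; return 1; }
    [ "$jhome" = "$inner" ] || { fail "$2: jail home is $jhome, not $inner"; return 1; }
    awk -F: -v g="$gid" '$3 == g { ok = 1 } END { exit !ok }' "$jail/etc/group" \
        2>/dev/null || { fail "$2: gid $gid not in jail group file"; return 1; }
    [ -x "$jail$jshell" ] || { fail "$2: $jshell not executable in jail"; return 1; }
    [ -d "$jail$jhome" ] || { fail "$2: home directory missing in jail"; return 1; }
    echo "$jail"
}

# Constructed sample mirroring the article's 'john' entries, in a scratch dir.
demo() {
    d=$(mktemp -d); j=$d/chrootusers
    mkdir -p "$j/etc" "$j/bin" "$j/home/john"
    : > "$j/bin/bash"; chmod +x "$j/bin/bash"   # empty stand-in for the jailed shell
    echo "john:x:1002:100::$j/./home/john:/usr/sbin/jk_chrootsh" > "$d/passwd"
    echo "john:x:1002:100::/home/john:/bin/bash" > "$j/etc/passwd"
    echo "users:x:100:" > "$j/etc/group"
    rc=0; check_jail_user "$d/passwd" john || rc=$?
    rm -rf "$d"; return $rc
}
demo
```

On a real system, run it from outside the jail as check_jail_user /etc/passwd john; a failed check names the entry that disagrees.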