Hi Mike,

the file permissions only need to be fixed for the next login.
During startup, the xauth command needs the selinux file permissions
of *unconfined_u:object_r:xauth_home_t:s0* or of 
*unconfined_u:object_r:user_home_t:s0* to the .Xauthority file,
so that it can overwrite the file with the new Xauthority Information.
After that, everything works fine for the session.
At least for my test, where I did login and opened a terminal window.
Maybe I should try opening some more kde and gnome applications.
On my system, it is ok, when the permissions will be fixed at logout time.

Sincerly

Frank


On 02/28/2014 01:20 PM, Mike Gabriel wrote:
> Hi Frank,
>
> On  Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote:
>
>> Hi Mike,
>>
>> what about the following solution / proposal for the x2goruncommand 
>> script:
>>
>>
>> ....
>> # run logout scripts
>>
>> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t`
>> if test -n $FIX_AUTH
>> then
>>   /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority
>> fi
>>
>>
>> test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout
>>
>> ...
>>
>> this fixes the selinux file permission in case, it it set to 
>> system_u:object_r:default_t:s0
>> It works on my system.
>>
>> sincerly
>>
>> Frank
>
> The position where you propose adding the fix does not seem right to 
> me. As the file permissions will stay "wrong" for the duration of the 
> session and will only be corrected after the session has ended.
>
> Do I understand it correctly, that the file permissions need adaptions 
> directly after session startup (i.e. after launching the session 
> (destop) command)?
>
> Greets,
> Mike
>
>