Control: retitle -1 nxagent fails to come up on servers using  
polyinstantiated /tmp directories
Control: reassign -1 nxagent
Control: blocks -1 #406

On  Di 27 Mai 2014 21:40:08 CEST, Orion Poplawski wrote:

> Package: x2goserver
>
>
> -------- Original Message --------
> Subject: [Bug 1100985] New: x2go clients fail to connect to servers  
> using polyinstantiated /tmp directories
> Date: Sun, 25 May 2014 00:13:13 +0000
> From: bugzilla@redhat.com
> To: orion@cora.nwra.com
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1100985
>
>             Bug ID: 1100985
>            Summary: x2go clients fail to connect to servers using
>                     polyinstantiated /tmp directories
>            Product: Fedora EPEL
>            Version: el6
>          Component: x2goserver
>           Assignee: orion@cora.nwra.com
>           Reporter: rgm+rh@gnu.org
>         QA Contact: extras-qa@fedoraproject.org
>                 CC: orion@cora.nwra.com
>
>
>
> Hi,
>
>
> Description of problem:
>
> If the RHEL6 host that acts as the server for x2go has enabled  
> polyinstantiated
> /tmp directories as per
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html
>
> then x2go clients cannot connect. They fail with
>
>   The remote proxy closed the connection while negotiating
>   the session. This may be due to the wrong authentication
>   credentials passed to the server.
>
> It seems that x2go needs the directory /tmp/.X11-unix/ to exist, be owned
> by root, and be mode 1777.
>
>
> Version-Release number of selected component (if applicable):
>
> x2goserver-4.0.1.13-4.el6.x86_64
> RHEL 6.5
>
>
> How reproducible:
>
> 100%.
>
>
> Steps to Reproduce:
> 1. Uncomment the line in /etc/security/namespace.conf that reads:
> #/tmp     /tmp-inst/           level      root,adm
>
> 2. Try to log in to that host via x2goclient.
>
>
> Actual results:
>
> x2go fails.
>
>
> Expected results:
>
> x2go works.
>
>
> Additional info:
>
> A workaround is to add something like the following to the end of
> /etc/security/namespace.init:
>
> if [ "$1" = "/tmp" ]; then
>     XSOCKDIR=/tmp/.X11-unix
>     if [ ! -d $XSOCKDIR ]; then
>         mkdir $XSOCKDIR
>         chmod 1777 $XSOCKDIR
>     fi
> fi
>
> It would be great if x2go could fix this itself though.
> Ideally it would either not need /tmp/.X11-unix, or be able to  
> create it itself
> when needed.
>
>
> Thanks.


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb