Hello Mike,

the problem is, that I'm not an expert on selinux too.
But I did some more tests.

Interactive Session - first login, the ~/.Xauthority file is created
and stays after logout with the permissions  system_u:object_r:default_t:s0
I am still able to login in interactively again.

But with this permissions, I got the Cookie mismatch problem, when using the x2goclient.
And when I login with ssh to the computer, I got a xauth error message:
/usr/bin/xauth:  ~/.Xauthority not writable, changes will be ignored

Now I  remove all .Xauthority* files. Then a login with ssh will create the ~/.Xauthority file
with the system_u:object_r:xauth_home_t:s0 permissions and the files stays with
these permissions after logout.

Now when I use the x2goclient, the file permissions change during the login process from
system_u:object_r:xauth_home_t:s0 to system_u:object_r:default_t:s0  and stay
that way after logout. The same, as it is with interactive sessions.
So I guess, everything is fine with the x2goserver software and
this is not a bug.
My problem is, that ssh is not able to overwrite the .Xauthority file, when it has the
default permissions of system_u:object_r:default_t:s0 .  Therefore the x2goclient is
not able to start a successful session and gets the Cookie mismatch error.

So I think, you can close this bugreport.


Thank you very much for your quick response and please excuse my mistake in
thinking that this was a x2goserver bug.

Sincerly

Frank


Frank Knoben
Institut fuer Geometrie und Praktische Mathematik
RWTH Aachen
Aachen,
Germany





On 02/27/2014 04:30 PM, Mike Gabriel wrote:
Control: tag -1 moreinfo

Hi Frank,

---------------------------

ls -Z .Xauthority
 -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority

--------------------------

Then I do a logout. Now, when I try to connect again to the x2go server system, I get
the following error message on the client side and no session is started.

-----------------------------
.....

"Warning: Cookie mismatch in the X authentication data.
"

"Session: Terminating session at 'Thu Feb 27 09:40:05 2014'.
Info: Your session was closed before reaching a usable state.
Info: This can be due to the local X server refusing access to the client.
Info: Please check authorization provided by the remote X application.
Session: Session terminated at 'Thu Feb 27 09:40:05 2014'.
"

deleting proxy

nxproxy not running

proxy deleted

-----------------------------------

But when I change the selinux permissions to

------

ls -Z .Xauthority

-rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority

What are the SELinux permissions after you have logged out?

Do you need that chcon command call when resuming sessions or when starting sessions.

Excuse my SELinux innocence at this point. I would like to add support for SELinux, but I need to understand better why we have to tweak the security context of .Xauthority for X2Go.

Thanks+Greets,
Mike