Hello Mike,
the problem is, that I'm not an expert on selinux too.
But I did some more tests.
Interactive Session - first login, the ~/.Xauthority file is
created
and stays after logout with the permissions system_u:object_r:default_t:s0
I am still able to login in interactively again.
But with this permissions, I got the Cookie mismatch problem, when
using the x2goclient.
And when I login with ssh to the computer, I got a xauth error
message:
/usr/bin/xauth: ~/.Xauthority not writable, changes will be
ignored
Now I remove all .Xauthority* files. Then a login with ssh will
create the ~/.Xauthority file
with the system_u:object_r:xauth_home_t:s0 permissions and
the files stays with
these permissions after logout.
Now when I use the x2goclient, the file permissions change during
the login process from
system_u:object_r:xauth_home_t:s0 to system_u:object_r:default_t:s0
and stay
that way after logout. The same, as it is with interactive
sessions.
So I guess, everything is fine with the x2goserver software and
this is not a bug.
My problem is, that ssh is not able to overwrite the .Xauthority
file, when it has the
default permissions of system_u:object_r:default_t:s0 .
Therefore the x2goclient is
not able to start a successful session and gets the Cookie
mismatch error.
So I think, you can close this bugreport.
Thank you very much for your quick response and please excuse my
mistake in
thinking that this was a x2goserver bug.
Sincerly
Frank
Frank Knoben
Institut fuer Geometrie und Praktische Mathematik
RWTH Aachen
Aachen,
Germany
On 02/27/2014 04:30 PM, Mike Gabriel wrote:
Control: tag -1 moreinfo
Hi Frank,
---------------------------
ls -Z .Xauthority
-rw-------. frank users unconfined_u:object_r:default_t:s0
.Xauthority
--------------------------
Then I do a logout. Now, when I try to connect again to the x2go
server system, I get
the following error message on the client side and no session is
started.
-----------------------------
.....
"Warning: Cookie mismatch in the X authentication data.
"
"Session: Terminating session at 'Thu Feb 27 09:40:05 2014'.
Info: Your session was closed before reaching a usable state.
Info: This can be due to the local X server refusing access to
the client.
Info: Please check authorization provided by the remote X
application.
Session: Session terminated at 'Thu Feb 27 09:40:05 2014'.
"
deleting proxy
nxproxy not running
proxy deleted
-----------------------------------
But when I change the selinux permissions to
------
ls -Z .Xauthority
-rw-------. frank users unconfined_u:object_r:xauth_home_t:s0
.Xauthority
What are the SELinux permissions after you have logged out?
Do you need that chcon command call when resuming sessions or when
starting sessions.
Excuse my SELinux innocence at this point. I would like to add
support for SELinux, but I need to understand better why we have
to tweak the security context of .Xauthority for X2Go.
Thanks+Greets,
Mike