From unknown Thu May 21 06:36:03 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#438: x2goserver and rhel6.4 / selinux Problem
Reply-To: Frank Knoben <admin@igpm.rwth-aachen.de>, 438@bugs.x2go.org
Resent-From: Frank Knoben <admin@igpm.rwth-aachen.de>
Original-Sender: frank@igpm.rwth-aachen.de
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
Resent-Date: Fri, 28 Feb 2014 11:15:01 +0000
Resent-Message-ID: <handler.438.B438.13935859651910@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 438
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: moreinfo
Message-ID: <53106F2B.4000507@igpm.rwth-aachen.de>
Date: Fri, 28 Feb 2014 12:12:43 +0100
From: Frank Knoben <admin@igpm.rwth-aachen.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
CC: 438@bugs.x2go.org
References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de>
In-Reply-To: <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: frank@igpm.rwth-aachen.de

Hi Mike,

thank you very much for the proposal, with which I could fix the problem for
my system.
But I still have to think about how to make a permanent workaround in the
x2gostartagent script.

- if I use the icewm window manager with selinux and x2goserver / x2goclient,
everything is fine and the .Xauthority file has the right permissions
- if I use the kde or gnome window manager, the .Xauthority permissions
will be modified to the wrong permissions
- when the home directory is on an NFS server with no selinux installed
and the x2goserver system uses selinux, there is no problem at all.
   Trying to fix the selinux permissions will give the error message
'Operation not supported'

So I think it is a problem of the kde and gnome window managers.
For the kde window manager, I put a chcon statement at the end of the
/usr/bin/startkde script.
I'm still looking for a workaround for the gnome window manager.

Sincerely

Frank

> Nonono... I actually think there is something wrong with X2Go Server.
>
> X2Go Client / PyHoca-GUI (another X2Go client app) should imitate
> what SSH does.
>
> As the X2Go clients call the script /usr/bin/x2gostartagent and this 
> script fiddles with the .Xauthority files via xauth, we should make 
> sure that after modifying the .Xauthority file the SELinux permissions 
> stay intact.
>
> Can you please add your proposed chcon command into x2gostartagent
> (near line 268, there is another position further up for shadow
> sessions) after xauth has been called and see if that fixes your
> troubles.
>
> Next step: please provide me with an if clause that will test if 
> SELinux is in use or not, so we can call chcon only if SELinux is in 
> use on that system.
>
> Thanks+Greets,
> Mike
>
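
The conditional requested in the quoted message, as an added example (not code from x2gostartagent or from either correspondent): it relabels the Xauthority file only when SELinux is in use and treats the 'Operation not supported' error reported above for NFS homes as non-fatal. It assumes `restorecon` to reset the policy default label, because the proposed chcon command is not shown in this message; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of x2goserver.

# Return 0 if SELinux is in use on this system, non-zero otherwise.
selinux_in_use() {
    # selinuxenabled (libselinux-utils) exits 0 when SELinux is enabled.
    if command -v selinuxenabled >/dev/null 2>&1; then
        selinuxenabled
        return $?
    fi
    # Fallback: selinuxfs is mounted only when SELinux is enabled
    # (/selinux on RHEL 6, /sys/fs/selinux on newer systems).
    [ -e /sys/fs/selinux/enforce ] || [ -e /selinux/enforce ]
}

# Reset the SELinux label of an Xauthority file after xauth has modified it.
# Prints one status word: skipped-no-selinux, skipped-missing, relabeled,
# unsupported or failed. Only "failed" gives a non-zero return code.
fix_xauthority_label() {
    xauth_file=${1:-${XAUTHORITY:-$HOME/.Xauthority}}

    if ! selinux_in_use; then
        echo skipped-no-selinux
        return 0
    fi
    if [ ! -e "$xauth_file" ]; then
        echo skipped-missing
        return 0
    fi
    # Assumption: restorecon stands in for the chcon command from the thread.
    if err=$(restorecon "$xauth_file" 2>&1); then
        echo relabeled
        return 0
    fi
    case $err in
        # Home on a filesystem without SELinux labels (the NFS case above):
        # nothing to fix, so do not abort session startup.
        *"Operation not supported"*)
            echo unsupported
            return 0 ;;
    esac
    echo "relabel of $xauth_file failed: $err" >&2
    echo failed
    return 1
}

# Usage after the xauth call: fix_xauthority_label "$HOME/.Xauthority"
```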
