From mike.gabriel@das-netzwerkteam.de Fri Feb 28 13:20:52 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:20:52 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 2479D5DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:20:52 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id DCF381EC5F; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id CFA4F3BD70; Fri, 28 Feb 2014 13:20:51 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sf4suoCPfmJQ; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 961093B93D; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 28 Feb 2014 12:20:51 +0000 Date: Fri, 28 Feb 2014 12:20:51 +0000 Message-ID: <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> From: Mike Gabriel To: Frank Knoben Cc: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> In-Reply-To: <53107DED.6080206@igpm.rwth-aachen.de> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_a4WIwoZfp4UPt8IIvx6euA1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_a4WIwoZfp4UPt8IIvx6euA1 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Hi Frank, On Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote: > Hi Mike, > > what about the following solution / proposal for the x2goruncommand script: > > > .... > # run logout scripts > > FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` > if test -n $FIX_AUTH > then > /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority > fi > > > test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout > > ... > > this fixes the selinux file permission in case, it it set to > system_u:object_r:default_t:s0 > It works on my system. > > sincerly > > Frank The position where you propose adding the fix does not seem right to me. As the file permissions will stay "wrong" for the duration of the session and will only be corrected after the session has ended. Do I understand it correctly, that the file permissions need adaptions directly after session startup (i.e. after launching the session (destop) command)? Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_a4WIwoZfp4UPt8IIvx6euA1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTEH8jAAoJEJr0azAldxsxxUcQAJ/uHu7a8mdbFpJq0rPe0XQ/ 0yWZHZbmX7fQV+fhcopQl/XSozsLZd8FA6CH7fLrPpHXRp9bJv42V4OMePq6DKUq CHYhpFNOAD0srEmECWj2r97TMxLbqGtTxoZIDvgqDwlVWweMZkyQgcN1fyceIFSq LLE3ijV0torUni15UownaLs5s9IGv1mVkfg6EYT2WhAyigzdXZqB10ZLogkkyY3w t4n1nnTLL3M1PZDXv3OBXmw02NpYHTZNmxyYlbO/G/+dnxmBTtSNFEQ0VRHYiAZx 6WOQ8uvFk8SEW7Uef7kcWmBmGtioWHpfTFLHBKeOSoXpgTHfrknZoMnoJFek2tQq oxtywIh1/ISm6amZrmjfmtXTp8VRwkvHGmWXEo9dxuEadVAWVADIsYMDaXROBAyI usYi2jXZ7saTqJc7nIBqxYVUp4+IWEI8nuGD3pCIGylO1LXDj2XW/ten+7Pz3p6b kSlU+AqUIVsRwSk72oggP0vRDlh6ppWk5IFaDnb5Y6R4py6CM+PRU4ErpSXgV21h OCQGCfzUfABxfBDmwHllUeevDxuGowZKTGxtXevh4eO8FJkXZhhBnfQmDFz1gNJZ fekW3gO5mTWBNc190gsl+MBD/Io0Cnt9hoU7jWxpbZVBlbjafW7Q/LKyW6lLnZAk GxHVkJIMRY3Af8dGOM4x =Cqwf -----END PGP SIGNATURE----- --=_a4WIwoZfp4UPt8IIvx6euA1--