From unknown Sat Jun 06 14:16:44 2026 X-Loop: owner@bugs.x2go.org Subject: Bug#438: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem Reply-To: Frank Knoben , 438@bugs.x2go.org Resent-From: Frank Knoben Original-Sender: frank@igpm.rwth-aachen.de Resent-To: x2go-dev@lists.berlios.de Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Tue, 04 Mar 2014 11:05:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 438 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: moreinfo Received: via spool by 438-submit@bugs.x2go.org id=B438.139393096021138 (code B ref 438); Tue, 04 Mar 2014 11:05:01 +0000 Received: (at 438) by bugs.x2go.org; 4 Mar 2014 11:02:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-1.rwth-aachen.de (mx-out-1.rwth-aachen.de [134.130.5.186]) by ymir (Postfix) with ESMTP id 6824A5DB13 for <438@bugs.x2go.org>; Tue, 4 Mar 2014 12:02:39 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,584,1389740400"; d="scan'208";a="261743979" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-1.rz.rwth-aachen.de with ESMTP; 04 Mar 2014 12:02:39 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WKn7P-0003uW-1E; Tue, 04 Mar 2014 12:02:39 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WKn7O-0006K2-Jd; Tue, 04 Mar 2014 12:02:38 +0100 Message-ID: <5315B2CE.6000500@igpm.rwth-aachen.de> Date: Tue, 04 Mar 2014 12:02:38 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Orion Poplawski , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> In-Reply-To: <53111696.8050600@cora.nwra.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de When I put the lines in the x2gostartagent script after the XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} line, the permissions will be fixed on login and not on logout. Unfortunately, restorcon sets the permissions to system_u:object_r:default_t:s0 and this does not work on my system. Instead of fixing the selinux .Xauthority permissions, the file could also be deleted on login, if it existed. Something like: if test -f $HOME/.Xauthority then rm $HOME/.Xauthority fi But it could also be, that my selinux system is misconfigured in some strange way, so that other people, who run the system, don't have this problem. Frank On 03/01/2014 12:07 AM, Orion Poplawski wrote: > On 02/28/2014 05:15 AM, Frank Knoben wrote: >> Hi Mike, >> >> what about the following solution / proposal for the x2goruncommand >> script: >> >> >> .... >> # run logout scripts >> >> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` >> if test -n $FIX_AUTH >> then >> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 >> $HOME/.Xauthority >> fi >> > > I would suggest using restorecon to set the label. > >