X2Go Bug report logs - #438
x2goserver and rhel6.4 / selinux Problem

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Thu, 27 Feb 2014 09:10:02 UTC

Severity: normal

Tags: moreinfo, not-a-bug

Found in version 4.0.1.13

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #36 received at 438@bugs.x2go.org (full text, mbox, reply):

Received: (at 438) by bugs.x2go.org; 28 Feb 2014 11:12:45 +0000
From frank@igpm.rwth-aachen.de  Fri Feb 28 12:12:44 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.2
Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187])
	by ymir (Postfix) with ESMTP id 86FCA5DB16
	for <438@bugs.x2go.org>; Fri, 28 Feb 2014 12:12:44 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; 
   d="scan'208";a="173270397"
Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1])
  by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 12:12:44 +0100
Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44])
	by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72)
	(envelope-from <frank@igpm.rwth-aachen.de>)
	id 1WJLMy-0007gs-4e; Fri, 28 Feb 2014 12:12:44 +0100
Received: from france.igpm.rwth-aachen.de ([134.130.161.63])
	by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.72)
	(envelope-from <frank@indy5.igpm.rwth-aachen.de>)
	id 1WJLMx-000BBH-U8; Fri, 28 Feb 2014 12:12:44 +0100
Message-ID: <53106F2B.4000507@igpm.rwth-aachen.de>
Date: Fri, 28 Feb 2014 12:12:43 +0100
From: Frank Knoben <admin@igpm.rwth-aachen.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
CC: 438@bugs.x2go.org
Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem
References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de>
In-Reply-To: <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: frank@igpm.rwth-aachen.de
Hi Mike,

thank you very much for the proposal, where I could fix the problem for 
my system.
But I still have to think, how to make a permanent workaround in the 
x2gostartagent script.

- if I use icewm windowmanager with selinux and x2goserver / x2goclient 
everything is fine and the .Xauthority file has the right permissions
- if I use the kde or gnome  windowmanager the .Xauthority permissions 
will be modified to the wrong permissions
- when the home directory is on a nfsserver with no selinux installed 
and the x2goserver system uses selinux, there is no problem at all.
  Trying to fix the selinux permissions will give the error message 
'Operation not supported'

So I think, it is a problem of the kde and gnome windowmanager.
For the kde windowmanager, I put a chcon statement at the end of the 
/usr/bin/startkde script.
I'm still looking for a workaround for the gnome windowmanager.

Sincerly

Frank

> Nonono... I actually think there is something wrong with X2Go Server.
>
> X2Go Client / PyHoca-GUI (another X2Go client app) should immitate 
> what SSH does.
>
> As the X2Go clients call the script /usr/bin/x2gostartagent and this 
> script fiddles with the .Xauthority files via xauth, we should make 
> sure that after modifying the .Xauthority file the SELinux permissions 
> stay intact.
>
> Can you please add your proposed chcon command into x2gostartagent 
> (near line 268, there is another position further up for shadow 
> sessions) after xauth has been called and see it that fixes your 
> troubles.
>
> Next step: please provide me with an if clause that will test if 
> SELinux is in use or not, so we can call chcon only if SELinux is in 
> use on that system.
>
> Thanks+Greets,
> Mike
>


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Nov 24 00:21:55 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.