X2Go Bug report logs - #438
x2goserver and rhel6.4 / selinux Problem

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Thu, 27 Feb 2014 09:10:02 UTC

Severity: normal

Tags: moreinfo, not-a-bug

Found in version 4.0.1.13

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#438: x2goserver and rhel6.4 / selinux Problem
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 438@bugs.x2go.org
Resent-From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Thu, 27 Feb 2014 15:34:09 +0000
Resent-Message-ID: <handler.438.B438.139351505729453@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 438
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: 
Received: via spool by 438-submit@bugs.x2go.org id=B438.139351505729453
          (code B ref 438); Thu, 27 Feb 2014 15:34:09 +0000
Received: (at 438) by bugs.x2go.org; 27 Feb 2014 15:30:57 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=unavailable version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir (Postfix) with ESMTPS id 450315DB16;
	Thu, 27 Feb 2014 16:30:49 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id DDEF61EBAE;
	Thu, 27 Feb 2014 16:30:48 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id AB55A3BE19;
	Thu, 27 Feb 2014 16:30:48 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id qPdE82gBTbQ3; Thu, 27 Feb 2014 16:30:48 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 503FF3BD70;
	Thu, 27 Feb 2014 16:30:48 +0100 (CET)
Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de
 [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Thu, 27 Feb 2014 15:30:48 +0000
Date: Thu, 27 Feb 2014 15:30:48 +0000
Message-ID: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 438@bugs.x2go.org
Cc: 438-submitter@bugs.x2go.org
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 134.245.254.47
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101
 Firefox/26.0 Iceweasel/26.0
Content-Type: multipart/signed; boundary="=_qgYGkJEruW5vYviVPniSUw1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0
[Message part 1 (text/plain, inline)]
Control: tag -1 moreinfo

Hi Frank,

> ---------------------------
>
> ls -Z .Xauthority
>  -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority
>
> --------------------------
>
> Then I do a logout. Now, when I try to connect again to the x2go  
> server system, I get
> the following error message on the client side and no session is started.
>
> -----------------------------
> .....
>
> "Warning: Cookie mismatch in the X authentication data.
> "
>
> "Session: Terminating session at 'Thu Feb 27 09:40:05 2014'.
> Info: Your session was closed before reaching a usable state.
> Info: This can be due to the local X server refusing access to the client.
> Info: Please check authorization provided by the remote X application.
> Session: Session terminated at 'Thu Feb 27 09:40:05 2014'.
> "
>
> deleting proxy
>
> nxproxy not running
>
> proxy deleted
>
> -----------------------------------
>
> But when I change the selinux permissions to
>
> ------
>
> ls -Z .Xauthority
>
> -rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority

What are the SELinux permissions after you have logged out?

Do you need that chcon command call when resuming sessions or when  
starting sessions.

Excuse my SELinux innocence at this point. I would like to add support  
for SELinux, but I need to understand better why we have to tweak the  
security context of .Xauthority for X2Go.

Thanks+Greets,
Mike



-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Nov 24 02:12:17 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.