From frank@igpm.rwth-aachen.de Thu Feb 27 10:05:38 2014 Received: (at submit) by bugs.x2go.org; 27 Feb 2014 09:05:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-1.rwth-aachen.de (mx-out-1.rwth-aachen.de [134.130.5.186]) by ymir (Postfix) with ESMTP id 20AD65DB16 for ; Thu, 27 Feb 2014 10:05:38 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,553,1389740400"; d="scan'208";a="261098276" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-1.rz.rwth-aachen.de with ESMTP; 27 Feb 2014 10:05:38 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WIwuP-0001v6-OB for submit@bugs.x2go.org; Thu, 27 Feb 2014 10:05:37 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WIwuP-0009A0-J0 for submit@bugs.x2go.org; Thu, 27 Feb 2014 10:05:37 +0100 Message-ID: <530EFFE1.7070106@igpm.rwth-aachen.de> Date: Thu, 27 Feb 2014 10:05:37 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: x2goserver and rhel6.4 / selinux Problem Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de Package: x2goserver Version: 4.0.1.13 Hello, on a scientific linux 6.4 system with selinux enabled (RedHat Clone) I have the following problem with x2goserver-4.0.1.13-2.el6.x86_64: After connecting with x2goclient to the server system, the .Xauthority file my home directory is created with the following selinx permissions: --------------------------- ls -Z .Xauthority -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority -------------------------- Then I do a logout. Now, when I try to connect again to the x2go server system, I get the following error message on the client side and no session is started. ----------------------------- ..... "Warning: Cookie mismatch in the X authentication data. " "Session: Terminating session at 'Thu Feb 27 09:40:05 2014'. Info: Your session was closed before reaching a usable state. Info: This can be due to the local X server refusing access to the client. Info: Please check authorization provided by the remote X application. Session: Session terminated at 'Thu Feb 27 09:40:05 2014'. " deleting proxy nxproxy not running proxy deleted ----------------------------------- But when I change the selinux permissions to ------ ls -Z .Xauthority -rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority ----- with the command /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 .Xauthority* there is no problem logging in to the x2goserver system the next time. Can this be fixed in the x2goserver software? Sincerly Frank Knoben Institut fuer Geometrie und Praktische Mathematik RWTH Aachen Aachen. Germany From mike.gabriel@das-netzwerkteam.de Thu Feb 27 16:30:49 2014 Received: (at 438) by bugs.x2go.org; 27 Feb 2014 15:30:57 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 450315DB16; Thu, 27 Feb 2014 16:30:49 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id DDEF61EBAE; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id AB55A3BE19; Thu, 27 Feb 2014 16:30:48 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPdE82gBTbQ3; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 503FF3BD70; Thu, 27 Feb 2014 16:30:48 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 27 Feb 2014 15:30:48 +0000 Date: Thu, 27 Feb 2014 15:30:48 +0000 Message-ID: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> From: Mike Gabriel To: 438@bugs.x2go.org Cc: 438-submitter@bugs.x2go.org Subject: Re: x2goserver and rhel6.4 / selinux Problem User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_qgYGkJEruW5vYviVPniSUw1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_qgYGkJEruW5vYviVPniSUw1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Control: tag -1 moreinfo Hi Frank, > --------------------------- > > ls -Z .Xauthority > -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority > > -------------------------- > > Then I do a logout. Now, when I try to connect again to the x2go > server system, I get > the following error message on the client side and no session is started. > > ----------------------------- > ..... > > "Warning: Cookie mismatch in the X authentication data. > " > > "Session: Terminating session at 'Thu Feb 27 09:40:05 2014'. > Info: Your session was closed before reaching a usable state. > Info: This can be due to the local X server refusing access to the client. > Info: Please check authorization provided by the remote X application. > Session: Session terminated at 'Thu Feb 27 09:40:05 2014'. > " > > deleting proxy > > nxproxy not running > > proxy deleted > > ----------------------------------- > > But when I change the selinux permissions to > > ------ > > ls -Z .Xauthority > > -rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority What are the SELinux permissions after you have logged out? Do you need that chcon command call when resuming sessions or when starting sessions. Excuse my SELinux innocence at this point. I would like to add support for SELinux, but I need to understand better why we have to tweak the security context of .Xauthority for X2Go. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_qgYGkJEruW5vYviVPniSUw1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTD1ooAAoJEJr0azAldxsx+qMP/jr5BULzGRDfO39wZ3+2rKTX CtinCtXq6XTobWyg+EyAhlHP4WSMHUN+cvo+YQwY90MpiWUw1d+THvHsYbRPb/Z4 kEV9xH6bdUx6pFjI68atEE2DAhL6mcewZygnN2B7X+/L+KmXi3c9dFA50pbnpQXM etKAl/HmwS0lxX4EJ5BWlb5I4qu5eahs1U4FbZmJSMsKiW1GdgrW2W/j7p7ETEM9 5NQjsxSw6ISWzTb77KF73KSP+GRFvfqEuWkZBMjqlJyv2eYRv9FwMmRpGolaHZbY 3PDakEaOAIESTG+oIjKUzl4WK7h5rzeegggZZMdhKvf07EQ0A7uxKQGmfU8BvWfP uZkw3HuexwwSH6Qp8EpyI/ffwd+R9RrY3MEpTMAmkSoJnatGXXCApgBD1jcZre+c Tw/8de+Z979p5mGN5S+PJ/VZ73oqKF9oiy+FRAOunuVqrKE0xwbxYFNN7tC0kXp4 7WT4rgNL+TDZniikjx+5BxTOAcBUfji9jndrtUqf1l16g0k79Z4NR+NWpbr6GQEi 62Ag9i9mEIxcdq1+GhtQLEdrFzeGdTRZ8ooUuQ7MF1AJEtFehaa99jsEYXI7y0og GDfpTL8LD7APqkV9sWqdhVNC8llplZTUeSFp0fdD4CwUExHpbkNS/K9/M7R4JMFh YZZ/6KU0N/+OvwjuQ7bq =tYLo -----END PGP SIGNATURE----- --=_qgYGkJEruW5vYviVPniSUw1-- From frank@igpm.rwth-aachen.de Fri Feb 28 09:32:17 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 08:32:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE autolearn=ham version=3.3.2 X-Greylist: delayed 567 seconds by postgrey-1.34 at ymir; Fri, 28 Feb 2014 09:32:17 CET Received: from mx-out-1.rwth-aachen.de (mx-out-1.rwth-aachen.de [134.130.5.186]) by ymir (Postfix) with ESMTP id 446145DB16; Fri, 28 Feb 2014 09:32:17 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,560,1389740400"; d="scan'208,217";a="261232418" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-1.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 09:22:51 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WJIiY-0001Wq-JZ; Fri, 28 Feb 2014 09:22:50 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WJIiY-0007CN-Dl; Fri, 28 Feb 2014 09:22:50 +0100 Message-ID: <53104757.1030306@igpm.rwth-aachen.de> Date: Fri, 28 Feb 2014 09:22:47 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel , 438-quiet@bugs.x2go.org, 438@bugs.x2go.org CC: 438-submitter@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> In-Reply-To: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> Content-Type: multipart/alternative; boundary="------------000700040604080506050907" Sender: frank@igpm.rwth-aachen.de This is a multi-part message in MIME format. --------------000700040604080506050907 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello Mike, the problem is, that I'm not an expert on selinux too. But I did some more tests. Interactive Session - first login, the ~/.Xauthority file is created and stays after logout with the permissions *system_u:object_r:default_t:s0* I am still able to login in interactively again. But with this permissions, I got the Cookie mismatch problem, when using the x2goclient. And when I login with ssh to the computer, I got a xauth error message: /usr/bin/xauth: ~/.Xauthority not writable, changes will be ignored Now I remove all .Xauthority* files. Then a login with ssh will create the ~/.Xauthority file with the *system_u:object_r:xauth_home_t:s0* permissions and the files stays with these permissions after logout. Now when I use the x2goclient, the file permissions change during the login process from *system_u:object_r:xauth_home_t:s0* to *system_u:object_r:default_t:s0 *and stay that way after logout. The same, as it is with interactive sessions. So I guess, everything is fine with the x2goserver software and this is not a bug. My problem is, that ssh is not able to overwrite the .Xauthority file, when it has the default permissions of *system_u:object_r:default_t:s0* . Therefore the x2goclient is not able to start a successful session and gets the Cookie mismatch error. So I think, you can close this bugreport. Thank you very much for your quick response and please excuse my mistake in thinking that this was a x2goserver bug. Sincerly Frank Frank Knoben Institut fuer Geometrie und Praktische Mathematik RWTH Aachen Aachen, Germany On 02/27/2014 04:30 PM, Mike Gabriel wrote: > Control: tag -1 moreinfo > > Hi Frank, > >> --------------------------- >> >> ls -Z .Xauthority >> -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority >> >> -------------------------- >> >> Then I do a logout. Now, when I try to connect again to the x2go >> server system, I get >> the following error message on the client side and no session is >> started. >> >> ----------------------------- >> ..... >> >> "Warning: Cookie mismatch in the X authentication data. >> " >> >> "Session: Terminating session at 'Thu Feb 27 09:40:05 2014'. >> Info: Your session was closed before reaching a usable state. >> Info: This can be due to the local X server refusing access to the >> client. >> Info: Please check authorization provided by the remote X application. >> Session: Session terminated at 'Thu Feb 27 09:40:05 2014'. >> " >> >> deleting proxy >> >> nxproxy not running >> >> proxy deleted >> >> ----------------------------------- >> >> But when I change the selinux permissions to >> >> ------ >> >> ls -Z .Xauthority >> >> -rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 >> .Xauthority > > What are the SELinux permissions after you have logged out? > > Do you need that chcon command call when resuming sessions or when > starting sessions. > > Excuse my SELinux innocence at this point. I would like to add support > for SELinux, but I need to understand better why we have to tweak the > security context of .Xauthority for X2Go. > > Thanks+Greets, > Mike > > > --------------000700040604080506050907 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Hello Mike,

the problem is, that I'm not an expert on selinux too.
But I did some more tests.

Interactive Session - first login, the ~/.Xauthority file is created
and stays after logout with the permissions  system_u:object_r:default_t:s0
I am still able to login in interactively again.

But with this permissions, I got the Cookie mismatch problem, when using the x2goclient.
And when I login with ssh to the computer, I got a xauth error message:
/usr/bin/xauth:  ~/.Xauthority not writable, changes will be ignored

Now I  remove all .Xauthority* files. Then a login with ssh will create the ~/.Xauthority file
with the system_u:object_r:xauth_home_t:s0 permissions and the files stays with
these permissions after logout.

Now when I use the x2goclient, the file permissions change during the login process from
system_u:object_r:xauth_home_t:s0 to system_u:object_r:default_t:s0  and stay
that way after logout. The same, as it is with interactive sessions.
So I guess, everything is fine with the x2goserver software and
this is not a bug.
My problem is, that ssh is not able to overwrite the .Xauthority file, when it has the
default permissions of system_u:object_r:default_t:s0 .  Therefore the x2goclient is
not able to start a successful session and gets the Cookie mismatch error.

So I think, you can close this bugreport.


Thank you very much for your quick response and please excuse my mistake in
thinking that this was a x2goserver bug.

Sincerly

Frank


Frank Knoben
Institut fuer Geometrie und Praktische Mathematik
RWTH Aachen
Aachen,
Germany





On 02/27/2014 04:30 PM, Mike Gabriel wrote:
Control: tag -1 moreinfo

Hi Frank,

---------------------------

ls -Z .Xauthority
 -rw-------. frank users unconfined_u:object_r:default_t:s0 .Xauthority

--------------------------

Then I do a logout. Now, when I try to connect again to the x2go server system, I get
the following error message on the client side and no session is started.

-----------------------------
.....

"Warning: Cookie mismatch in the X authentication data.
"

"Session: Terminating session at 'Thu Feb 27 09:40:05 2014'.
Info: Your session was closed before reaching a usable state.
Info: This can be due to the local X server refusing access to the client.
Info: Please check authorization provided by the remote X application.
Session: Session terminated at 'Thu Feb 27 09:40:05 2014'.
"

deleting proxy

nxproxy not running

proxy deleted

-----------------------------------

But when I change the selinux permissions to

------

ls -Z .Xauthority

-rw-------. frank users unconfined_u:object_r:xauth_home_t:s0 .Xauthority

What are the SELinux permissions after you have logged out?

Do you need that chcon command call when resuming sessions or when starting sessions.

Excuse my SELinux innocence at this point. I would like to add support for SELinux, but I need to understand better why we have to tweak the security context of .Xauthority for X2Go.

Thanks+Greets,
Mike




--------------000700040604080506050907-- From mike.gabriel@das-netzwerkteam.de Fri Feb 28 10:24:47 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 09:24:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 8AA105DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 10:24:47 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 2519D1EC49; Fri, 28 Feb 2014 10:24:47 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 078CB3BF19; Fri, 28 Feb 2014 10:24:47 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1C15Trb2izK1; Fri, 28 Feb 2014 10:24:46 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id CD9BE3B9D5; Fri, 28 Feb 2014 10:24:46 +0100 (CET) Received: from nocatv2.tng.de (nocatv2.tng.de [213.178.75.58]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 28 Feb 2014 09:24:46 +0000 Date: Fri, 28 Feb 2014 09:24:46 +0000 Message-ID: <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> From: Mike Gabriel To: Frank Knoben Cc: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> In-Reply-To: <53104757.1030306@igpm.rwth-aachen.de> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 213.178.75.58 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_1YsruPhz3iYmUJ7kc8FAuA1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_1YsruPhz3iYmUJ7kc8FAuA1 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Hi Frank, On Fr 28 Feb 2014 09:22:47 CET, Frank Knoben wrote: > Hello Mike, > > the problem is, that I'm not an expert on selinux too. > But I did some more tests. > > Interactive Session - first login, the ~/.Xauthority file is created > and stays after logout with the permissions *system_u:object_r:default_t:s0* > I am still able to login in interactively again. > > But with this permissions, I got the Cookie mismatch problem, when > using the x2goclient. > And when I login with ssh to the computer, I got a xauth error message: > /usr/bin/xauth: ~/.Xauthority not writable, changes will be ignored > > Now I remove all .Xauthority* files. Then a login with ssh will > create the ~/.Xauthority file > with the *system_u:object_r:xauth_home_t:s0* permissions and the > files stays with > these permissions after logout. > > Now when I use the x2goclient, the file permissions change during > the login process from > *system_u:object_r:xauth_home_t:s0* to > *system_u:object_r:default_t:s0 *and stay > that way after logout. The same, as it is with interactive sessions. > So I guess, everything is fine with the x2goserver software and > this is not a bug. > My problem is, that ssh is not able to overwrite the .Xauthority > file, when it has the > default permissions of *system_u:object_r:default_t:s0* . Therefore > the x2goclient is > not able to start a successful session and gets the Cookie mismatch error. > > So I think, you can close this bugreport. Nonono... I actually think there is something wrong with X2Go Server. X2Go Client / PyHoca-GUI (another X2Go client app) should immitate what SSH does. As the X2Go clients call the script /usr/bin/x2gostartagent and this script fiddles with the .Xauthority files via xauth, we should make sure that after modifying the .Xauthority file the SELinux permissions stay intact. Can you please add your proposed chcon command into x2gostartagent (near line 268, there is another position further up for shadow sessions) after xauth has been called and see it that fixes your troubles. Next step: please provide me with an if clause that will test if SELinux is in use or not, so we can call chcon only if SELinux is in use on that system. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_1YsruPhz3iYmUJ7kc8FAuA1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTEFXeAAoJEJr0azAldxsx3aMQAIQb7VPrIBPMaFWtzwjkm93k 9NvY6ci21fWeoC77h8KefPKlXCFOeS9UK/jF8kv5yuYcYx5WioH9n0mv/qrr+NNS NDFensY3gQnPx2LDe8PA+ujLjbnRnVdKyHenkdfZT2xJ+cyWZiVs+u4Ia0YE0SlW GtGzLWBALgFVdMr4Z0YkpDNkhyujpdXxkn6qHXebVUrqLJNgE19xF4mSPhGhynyI bmP0fox+fEWZpVLAkvJJ5FPLo152pBMPASJfYnKCNU21AIowEXO5Jyra+S61wrSi J+8egBx/LvP8Z51Kx1fH8JKgjlVtYBSP2rg1XUgh7XM7hQYAq7Zex9YPTGKpDp2g bELXswg7PlIwMCJkQJc8Cs3Yae1Fl8B8fCc/mmghoMmQbk9jvBQqZv/GctSNzcEA VAdbLEutwB79Axpv/Ao3h44DpnHvAfDcV0OJTsv3AxBAgXZwiF5cSeuRawHjyksI FOq8VtFoIAgKU/e7pkuRMouCTXdApMQ1dDn0rrlEpB8sjpDCNIBBf+Q7/NLNZcSj U+UmDho5GgA1jDyIT4PLErJQdLuOIw6Ww3S35WOkAiyB+X9enMkorAOPhMfHYmHm nScM/42rEigbwhhK9iyXvZpPNQvsgCx1QyqlIot5kcd/+woFVSc2M5MZWSct9RV6 ndT43xQZinkSdHnfHuiO =p2oz -----END PGP SIGNATURE----- --=_1YsruPhz3iYmUJ7kc8FAuA1-- From frank@igpm.rwth-aachen.de Fri Feb 28 12:12:44 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 11:12:45 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id 86FCA5DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 12:12:44 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; d="scan'208";a="173270397" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 12:12:44 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WJLMy-0007gs-4e; Fri, 28 Feb 2014 12:12:44 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WJLMx-000BBH-U8; Fri, 28 Feb 2014 12:12:44 +0100 Message-ID: <53106F2B.4000507@igpm.rwth-aachen.de> Date: Fri, 28 Feb 2014 12:12:43 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel CC: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> In-Reply-To: <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de Hi Mike, thank you very much for the proposal, where I could fix the problem for my system. But I still have to think, how to make a permanent workaround in the x2gostartagent script. - if I use icewm windowmanager with selinux and x2goserver / x2goclient everything is fine and the .Xauthority file has the right permissions - if I use the kde or gnome windowmanager the .Xauthority permissions will be modified to the wrong permissions - when the home directory is on a nfsserver with no selinux installed and the x2goserver system uses selinux, there is no problem at all. Trying to fix the selinux permissions will give the error message 'Operation not supported' So I think, it is a problem of the kde and gnome windowmanager. For the kde windowmanager, I put a chcon statement at the end of the /usr/bin/startkde script. I'm still looking for a workaround for the gnome windowmanager. Sincerly Frank > Nonono... I actually think there is something wrong with X2Go Server. > > X2Go Client / PyHoca-GUI (another X2Go client app) should immitate > what SSH does. > > As the X2Go clients call the script /usr/bin/x2gostartagent and this > script fiddles with the .Xauthority files via xauth, we should make > sure that after modifying the .Xauthority file the SELinux permissions > stay intact. > > Can you please add your proposed chcon command into x2gostartagent > (near line 268, there is another position further up for shadow > sessions) after xauth has been called and see it that fixes your > troubles. > > Next step: please provide me with an if clause that will test if > SELinux is in use or not, so we can call chcon only if SELinux is in > use on that system. > > Thanks+Greets, > Mike > From mike.gabriel@das-netzwerkteam.de Fri Feb 28 13:00:39 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:00:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 4CE8C5DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:00:39 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id ECCC71EC67; Fri, 28 Feb 2014 13:00:38 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id DDBEC3BD70; Fri, 28 Feb 2014 13:00:38 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5kAuCJdLvvXo; Fri, 28 Feb 2014 13:00:38 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id A1FCC3B93D; Fri, 28 Feb 2014 13:00:38 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 28 Feb 2014 12:00:38 +0000 Date: Fri, 28 Feb 2014 12:00:38 +0000 Message-ID: <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> From: Mike Gabriel To: Frank Knoben Cc: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> In-Reply-To: <53106F2B.4000507@igpm.rwth-aachen.de> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_olvj9Sedtq8GZld9eearxw2"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_olvj9Sedtq8GZld9eearxw2 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Hi Frank, On Fr 28 Feb 2014 12:12:43 CET, Frank Knoben wrote: > Hi Mike, > > thank you very much for the proposal, where I could fix the problem > for my system. > But I still have to think, how to make a permanent workaround in the > x2gostartagent script. > > - if I use icewm windowmanager with selinux and x2goserver / > x2goclient everything is fine and the .Xauthority file has the right > permissions > - if I use the kde or gnome windowmanager the .Xauthority > permissions will be modified to the wrong permissions > - when the home directory is on a nfsserver with no selinux > installed and the x2goserver system uses selinux, there is no > problem at all. > Trying to fix the selinux permissions will give the error message > 'Operation not supported' > > So I think, it is a problem of the kde and gnome windowmanager. > For the kde windowmanager, I put a chcon statement at the end of the > /usr/bin/startkde script. > I'm still looking for a workaround for the gnome windowmanager. > > Sincerly > > Frank > Thanks for this heavy debugging. I will be fine with adding such magic into x2gostartagent (or x2goruncommand). But we need to be as detailled and explicit on the how and when. Get back to me, once you have more insights. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_olvj9Sedtq8GZld9eearxw2 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTEHpmAAoJEJr0azAldxsxZCAP/3u05/JxWrOvx1X1PUIM5uW5 qfyQf0YxsGbFg3a7iwlay3bdbYvc33JpohgEpxwVk+5pAera4yWRcpcEk1tMw7ks SWkluDbW3Lg6+qrSGVxbXmW8ZLA+aBurBTEec+GS7RVBoM4gLo8pxszj8pwARDxv /g679oh2Xe011dcF6eHtCa1irE6BoqmOIAAj94jzys8peWVNizjX2v2BTjI5vkZc 9Suz/h/QbaeRXiqg2zyZ93JlU5XoKGor6qOW/bVLngIreNwoSDjgLoKi6vSBMywj /zFo3092RV0iwwtGvI4WPuH4FnIHdafxms5IJRvQ+0LrrOP/Tx+JE/3+PEQ0nPSh StlrNWWR3esayVmRA0cCQWERQxNV4nDReMgtUuKAfGeyoOJ2N6SVIxZU6POsFfBg s0HkCczOmgnD+R6FxQ05udn+Trij4GNl0l1V0KL0O/HUxS93Wc6zd1Z3CebYSFRD 040mGxhf368kNqYNFzohh6o10xB4T/y/818Dokgi66fdyd10H8ekdR4n0EW16skC drATyMLscTfJ1049bDldwoF/93CLWS8JNRUw8Bw8nxfht///W8x8L1ruG0KgFy3D z3xPbiEpea64tks90Co9y45UaAR56z0yB0IIUSOJxUM+K+7zacbQWX3C6yGVfYYm o1ablo9nQIDgfccgAam3 =9bq+ -----END PGP SIGNATURE----- --=_olvj9Sedtq8GZld9eearxw2-- From frank@igpm.rwth-aachen.de Fri Feb 28 13:15:42 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:15:43 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id 985825DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:15:42 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; d="scan'208";a="173279018" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 13:15:42 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WJMLu-0001db-7R; Fri, 28 Feb 2014 13:15:42 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WJMLu-000Cjp-1S; Fri, 28 Feb 2014 13:15:42 +0100 Message-ID: <53107DED.6080206@igpm.rwth-aachen.de> Date: Fri, 28 Feb 2014 13:15:41 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel CC: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> In-Reply-To: <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de Hi Mike, what about the following solution / proposal for the x2goruncommand script: .... # run logout scripts FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` if test -n $FIX_AUTH then /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority fi test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout ... this fixes the selinux file permission in case, it it set to system_u:object_r:default_t:s0 It works on my system. sincerly Frank On 02/28/2014 01:00 PM, Mike Gabriel wrote: > Hi Frank, > > On Fr 28 Feb 2014 12:12:43 CET, Frank Knoben wrote: > >> Hi Mike, >> >> thank you very much for the proposal, where I could fix the problem >> for my system. >> But I still have to think, how to make a permanent workaround in the >> x2gostartagent script. >> >> - if I use icewm windowmanager with selinux and x2goserver / >> x2goclient everything is fine and the .Xauthority file has the right >> permissions >> - if I use the kde or gnome windowmanager the .Xauthority >> permissions will be modified to the wrong permissions >> - when the home directory is on a nfsserver with no selinux installed >> and the x2goserver system uses selinux, there is no problem at all. >> Trying to fix the selinux permissions will give the error message >> 'Operation not supported' >> >> So I think, it is a problem of the kde and gnome windowmanager. >> For the kde windowmanager, I put a chcon statement at the end of the >> /usr/bin/startkde script. >> I'm still looking for a workaround for the gnome windowmanager. >> >> Sincerly >> >> Frank >> > > Thanks for this heavy debugging. > > I will be fine with adding such magic into x2gostartagent (or > x2goruncommand). But we need to be as detailled and explicit on the > how and when. > > Get back to me, once you have more insights. > > Mike From mike.gabriel@das-netzwerkteam.de Fri Feb 28 13:20:52 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:20:52 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 2479D5DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:20:52 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id DCF381EC5F; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id CFA4F3BD70; Fri, 28 Feb 2014 13:20:51 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sf4suoCPfmJQ; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 961093B93D; Fri, 28 Feb 2014 13:20:51 +0100 (CET) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 28 Feb 2014 12:20:51 +0000 Date: Fri, 28 Feb 2014 12:20:51 +0000 Message-ID: <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> From: Mike Gabriel To: Frank Knoben Cc: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> In-Reply-To: <53107DED.6080206@igpm.rwth-aachen.de> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.254.47 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_a4WIwoZfp4UPt8IIvx6euA1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_a4WIwoZfp4UPt8IIvx6euA1 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Hi Frank, On Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote: > Hi Mike, > > what about the following solution / proposal for the x2goruncommand script: > > > .... > # run logout scripts > > FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` > if test -n $FIX_AUTH > then > /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority > fi > > > test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout > > ... > > this fixes the selinux file permission in case, it it set to > system_u:object_r:default_t:s0 > It works on my system. > > sincerly > > Frank The position where you propose adding the fix does not seem right to me. As the file permissions will stay "wrong" for the duration of the session and will only be corrected after the session has ended. Do I understand it correctly, that the file permissions need adaptions directly after session startup (i.e. after launching the session (destop) command)? Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_a4WIwoZfp4UPt8IIvx6euA1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTEH8jAAoJEJr0azAldxsxxUcQAJ/uHu7a8mdbFpJq0rPe0XQ/ 0yWZHZbmX7fQV+fhcopQl/XSozsLZd8FA6CH7fLrPpHXRp9bJv42V4OMePq6DKUq CHYhpFNOAD0srEmECWj2r97TMxLbqGtTxoZIDvgqDwlVWweMZkyQgcN1fyceIFSq LLE3ijV0torUni15UownaLs5s9IGv1mVkfg6EYT2WhAyigzdXZqB10ZLogkkyY3w t4n1nnTLL3M1PZDXv3OBXmw02NpYHTZNmxyYlbO/G/+dnxmBTtSNFEQ0VRHYiAZx 6WOQ8uvFk8SEW7Uef7kcWmBmGtioWHpfTFLHBKeOSoXpgTHfrknZoMnoJFek2tQq oxtywIh1/ISm6amZrmjfmtXTp8VRwkvHGmWXEo9dxuEadVAWVADIsYMDaXROBAyI usYi2jXZ7saTqJc7nIBqxYVUp4+IWEI8nuGD3pCIGylO1LXDj2XW/ten+7Pz3p6b kSlU+AqUIVsRwSk72oggP0vRDlh6ppWk5IFaDnb5Y6R4py6CM+PRU4ErpSXgV21h OCQGCfzUfABxfBDmwHllUeevDxuGowZKTGxtXevh4eO8FJkXZhhBnfQmDFz1gNJZ fekW3gO5mTWBNc190gsl+MBD/Io0Cnt9hoU7jWxpbZVBlbjafW7Q/LKyW6lLnZAk GxHVkJIMRY3Af8dGOM4x =Cqwf -----END PGP SIGNATURE----- --=_a4WIwoZfp4UPt8IIvx6euA1-- From frank@igpm.rwth-aachen.de Fri Feb 28 13:30:37 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:30:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id 4A87D5DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:30:37 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; d="scan'208,217";a="173281075" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 13:30:37 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WJMaL-0002BY-27; Fri, 28 Feb 2014 13:30:37 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WJMaK-000D5h-SO; Fri, 28 Feb 2014 13:30:36 +0100 Message-ID: <5310816C.1090202@igpm.rwth-aachen.de> Date: Fri, 28 Feb 2014 13:30:36 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel CC: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> In-Reply-To: <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> Content-Type: multipart/alternative; boundary="------------020600030107050604060604" Sender: frank@igpm.rwth-aachen.de This is a multi-part message in MIME format. --------------020600030107050604060604 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi Mike, the file permissions only need to be fixed for the next login. During startup, the xauth command needs the selinux file permissions of *unconfined_u:object_r:xauth_home_t:s0* or of *unconfined_u:object_r:user_home_t:s0* to the .Xauthority file, so that it can overwrite the file with the new Xauthority Information. After that, everything works fine for the session. At least for my test, where I did login and opened a terminal window. Maybe I should try opening some more kde and gnome applications. On my system, it is ok, when the permissions will be fixed at logout time. Sincerly Frank On 02/28/2014 01:20 PM, Mike Gabriel wrote: > Hi Frank, > > On Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote: > >> Hi Mike, >> >> what about the following solution / proposal for the x2goruncommand >> script: >> >> >> .... >> # run logout scripts >> >> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` >> if test -n $FIX_AUTH >> then >> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority >> fi >> >> >> test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout >> >> ... >> >> this fixes the selinux file permission in case, it it set to >> system_u:object_r:default_t:s0 >> It works on my system. >> >> sincerly >> >> Frank > > The position where you propose adding the fix does not seem right to > me. As the file permissions will stay "wrong" for the duration of the > session and will only be corrected after the session has ended. > > Do I understand it correctly, that the file permissions need adaptions > directly after session startup (i.e. after launching the session > (destop) command)? > > Greets, > Mike > > --------------020600030107050604060604 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
Hi Mike,

the file permissions only need to be fixed for the next login.
During startup, the xauth command needs the selinux file permissions
of unconfined_u:object_r:xauth_home_t:s0 or of unconfined_u:object_r:user_home_t:s0 to the .Xauthority file,
so that it can overwrite the file with the new Xauthority Information.
After that, everything works fine for the session.
At least for my test, where I did login and opened a terminal window.
Maybe I should try opening some more kde and gnome applications.
On my system, it is ok, when the permissions will be fixed at logout time.

Sincerly

Frank


On 02/28/2014 01:20 PM, Mike Gabriel wrote:
Hi Frank,

On  Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote:

Hi Mike,

what about the following solution / proposal for the x2goruncommand script:


....
# run logout scripts

FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t`
if test -n $FIX_AUTH
then
  /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority
fi


test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout

...

this fixes the selinux file permission in case, it it set to system_u:object_r:default_t:s0
It works on my system.

sincerly

Frank

The position where you propose adding the fix does not seem right to me. As the file permissions will stay "wrong" for the duration of the session and will only be corrected after the session has ended.

Do I understand it correctly, that the file permissions need adaptions directly after session startup (i.e. after launching the session (destop) command)?

Greets,
Mike



--------------020600030107050604060604-- From frank@igpm.rwth-aachen.de Fri Feb 28 14:56:49 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 13:56:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id 83D025DB16 for <438@bugs.x2go.org>; Fri, 28 Feb 2014 14:56:49 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,562,1389740400"; d="scan'208";a="173294032" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 14:56:49 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WJNvj-0005GX-1l; Fri, 28 Feb 2014 14:56:47 +0100 Received: from pd9f733d2.dip0.t-ipconnect.de ([217.247.51.210] helo=[192.168.178.38]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WJNvi-000F5D-Qw; Fri, 28 Feb 2014 14:56:46 +0100 Message-ID: <5310959B.2020901@igpm.rwth-aachen.de> Date: Fri, 28 Feb 2014 14:56:43 +0100 From: Frank Knoben Reply-To: admin@igpm.rwth-aachen.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel CC: 438@bugs.x2go.org Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> In-Reply-To: <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de Hi Mike, I gave some more thoughts to your remark, that the position is the wrong one. And you were right. On a system, where users work interactively at an attached screen and use x2go for accessing the system remotely, the fix won't work at that position. There it should be just before the .Xauthority file is accessed. I will see on tuesday, wether I can find that position. Sincerly Frank On 28.02.2014 13:20, Mike Gabriel wrote: > Hi Frank, > > On Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote: > >> Hi Mike, >> >> what about the following solution / proposal for the x2goruncommand >> script: >> >> >> .... >> # run logout scripts >> >> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` >> if test -n $FIX_AUTH >> then >> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority >> fi >> >> >> test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout >> >> ... >> >> this fixes the selinux file permission in case, it it set to >> system_u:object_r:default_t:s0 >> It works on my system. >> >> sincerly >> >> Frank > > The position where you propose adding the fix does not seem right to > me. As the file permissions will stay "wrong" for the duration of the > session and will only be corrected after the session has ended. > > Do I understand it correctly, that the file permissions need adaptions > directly after session startup (i.e. after launching the session > (destop) command)? > > Greets, > Mike > > From orion@cora.nwra.com Sat Mar 1 00:07:06 2014 Received: (at 438) by bugs.x2go.org; 28 Feb 2014 23:07:07 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165]) by ymir (Postfix) with ESMTPS id 6E0B25DA79 for <438@bugs.x2go.org>; Sat, 1 Mar 2014 00:07:06 +0100 (CET) Received: from [10.10.20.7] (barry.cora.nwra.com [10.10.20.7]) (authenticated bits=0) by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s1SN72u2016582 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 28 Feb 2014 16:07:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com; s=default; t=1393628824; bh=PovHPC3a7tDj2hauqQZ30ECxsm1cGrK3s2HQiwzzOs8=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=ahbVOGS9wd+0u+b+5iHpxKv9N8dOvgcLXHWIdKnkIEg3fg7lfc+fP8CSPcHM4plF/ sOI7Nw8RLUbAub1265IUdh0cNblJ0Zx7ts+nLNSmyczYEOP97l7IgMySJFwotE9od3 61coqvqY5f5LPXbBjTXZdoz+VebRrEO4KlyWMoPM= Message-ID: <53111696.8050600@cora.nwra.com> Date: Fri, 28 Feb 2014 16:07:02 -0700 From: Orion Poplawski User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Frank Knoben , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> In-Reply-To: <53107DED.6080206@igpm.rwth-aachen.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 02/28/2014 05:15 AM, Frank Knoben wrote: > Hi Mike, > > what about the following solution / proposal for the x2goruncommand script: > > > .... > # run logout scripts > > FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` > if test -n $FIX_AUTH > then > /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority > fi > I would suggest using restorecon to set the label. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com From frank@igpm.rwth-aachen.de Tue Mar 4 12:02:39 2014 Received: (at 438) by bugs.x2go.org; 4 Mar 2014 11:02:40 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-1.rwth-aachen.de (mx-out-1.rwth-aachen.de [134.130.5.186]) by ymir (Postfix) with ESMTP id 6824A5DB13 for <438@bugs.x2go.org>; Tue, 4 Mar 2014 12:02:39 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,584,1389740400"; d="scan'208";a="261743979" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-1.rz.rwth-aachen.de with ESMTP; 04 Mar 2014 12:02:39 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WKn7P-0003uW-1E; Tue, 04 Mar 2014 12:02:39 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WKn7O-0006K2-Jd; Tue, 04 Mar 2014 12:02:38 +0100 Message-ID: <5315B2CE.6000500@igpm.rwth-aachen.de> Date: Tue, 04 Mar 2014 12:02:38 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Orion Poplawski , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> In-Reply-To: <53111696.8050600@cora.nwra.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de When I put the lines in the x2gostartagent script after the XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} line, the permissions will be fixed on login and not on logout. Unfortunately, restorcon sets the permissions to system_u:object_r:default_t:s0 and this does not work on my system. Instead of fixing the selinux .Xauthority permissions, the file could also be deleted on login, if it existed. Something like: if test -f $HOME/.Xauthority then rm $HOME/.Xauthority fi But it could also be, that my selinux system is misconfigured in some strange way, so that other people, who run the system, don't have this problem. Frank On 03/01/2014 12:07 AM, Orion Poplawski wrote: > On 02/28/2014 05:15 AM, Frank Knoben wrote: >> Hi Mike, >> >> what about the following solution / proposal for the x2goruncommand >> script: >> >> >> .... >> # run logout scripts >> >> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` >> if test -n $FIX_AUTH >> then >> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 >> $HOME/.Xauthority >> fi >> > > I would suggest using restorecon to set the label. > > From orion@cora.nwra.com Tue Mar 4 17:36:14 2014 Received: (at 438) by bugs.x2go.org; 4 Mar 2014 16:36:15 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165]) by ymir (Postfix) with ESMTPS id A7ABA5DB13 for <438@bugs.x2go.org>; Tue, 4 Mar 2014 17:36:13 +0100 (CET) Received: from [10.10.20.7] (barry.cora.nwra.com [10.10.20.7]) (authenticated bits=0) by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s24GaAlr004378 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 4 Mar 2014 09:36:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com; s=default; t=1393950971; bh=dACcy0SXEbiBA7DXQh30Qm5FFmbh4FlHd/we8a74yWs=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=abblbrr0+xmrA/dYk1axwlmNYMMYK+bTMUDJDApvXOHdMr/DlOz2OxmTtRgJ5jJ92 eUIZzEYQMCL52Z2XKUDzW6N6eETkW3IN2GdkhEhWyhf9lCCnFAdaNtvvikE5BkHggd 7qC1JPI5kbL49Y0CJRnIg5iub/PP/Y3soe5Fl1tE= Message-ID: <531600FA.2010902@cora.nwra.com> Date: Tue, 04 Mar 2014 09:36:10 -0700 From: Orion Poplawski User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Frank Knoben , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> In-Reply-To: <5315B2CE.6000500@igpm.rwth-aachen.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 03/04/2014 04:02 AM, Frank Knoben wrote: > When I put the lines in the x2gostartagent script > > after the > > XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} > > line, the permissions will be fixed on login and not on logout. > Unfortunately, restorcon sets the permissions to system_u:object_r:default_t:s0 > and this does not work on my system. That's not right. What is your home directory? What does matchpathcon $HOME return? > Instead of fixing the selinux .Xauthority permissions, the file could also be > deleted on login, > if it existed. Something like: > > > if test -f $HOME/.Xauthority > then > rm $HOME/.Xauthority > fi > > But it could also be, that my selinux system is misconfigured in some strange > way, > so that other people, who run the system, don't have this problem. > > > Frank > > > On 03/01/2014 12:07 AM, Orion Poplawski wrote: >> On 02/28/2014 05:15 AM, Frank Knoben wrote: >>> Hi Mike, >>> >>> what about the following solution / proposal for the x2goruncommand script: >>> >>> >>> .... >>> # run logout scripts >>> >>> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t` >>> if test -n $FIX_AUTH >>> then >>> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority >>> fi >>> >> >> I would suggest using restorecon to set the label. >> >> -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com From frank@igpm.rwth-aachen.de Wed Mar 5 07:59:12 2014 Received: (at 438) by bugs.x2go.org; 5 Mar 2014 06:59:12 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id 41ADC5DB13 for <438@bugs.x2go.org>; Wed, 5 Mar 2014 07:59:12 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,591,1389740400"; d="scan'208";a="173873257" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 05 Mar 2014 07:59:12 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WL5nL-0004t1-Py; Wed, 05 Mar 2014 07:59:11 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WL5nL-000Gpu-KY; Wed, 05 Mar 2014 07:59:11 +0100 Message-ID: <5316CB3A.6090507@igpm.rwth-aachen.de> Date: Wed, 05 Mar 2014 07:59:06 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Orion Poplawski , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> In-Reply-To: <531600FA.2010902@cora.nwra.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de On 03/04/2014 05:36 PM, Orion Poplawski wrote: > On 03/04/2014 04:02 AM, Frank Knoben wrote: >> When I put the lines in the x2gostartagent script >> >> after the >> >> XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} >> >> line, the permissions will be fixed on login and not on logout. >> Unfortunately, restorcon sets the permissions to >> system_u:object_r:default_t:s0 >> and this does not work on my system. > > That's not right. What is your home directory? What does > matchpathcon $HOME return? > > matchpathcon $HOME returns system_u:object_r:default_t:s0 I switched the default home location from /home/user to /data/user and changed the permissions of /data/user with chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user From orion@cora.nwra.com Wed Mar 5 16:14:06 2014 Received: (at 438) by bugs.x2go.org; 5 Mar 2014 15:14:07 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165]) by ymir (Postfix) with ESMTPS id 44BF55DB13 for <438@bugs.x2go.org>; Wed, 5 Mar 2014 16:14:06 +0100 (CET) Received: from pacas.cora.nwra.com (75-171-160-68.hlrn.qwest.net [75.171.160.68]) (authenticated bits=0) by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s25FDxw4026643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 5 Mar 2014 08:14:02 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com; s=default; t=1394032443; bh=7n6QX01tCscM24pD92IqBNcgtVzHVCHzu53GyJrjGqs=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=REvqqiNI2Ypfpk43yBVHBkokpF0j92Oh6VTx6/CJ6c9g/6QiaNfTk/Fw9KfDM7fqw yjpAQeCZshUeD9mO2Szy51Zhe6WAzEUBBIV6ra48Cw9lhD6s5wx7rLSQQnWbIxZjqy LyrFSyXjavbOCY9pUsbfqLTns0LcvjdnBkXeE4YQ= Message-ID: <53173F37.5070500@cora.nwra.com> Date: Wed, 05 Mar 2014 08:13:59 -0700 From: Orion Poplawski User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Frank Knoben , 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> In-Reply-To: <5316CB3A.6090507@igpm.rwth-aachen.de> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 03/04/2014 11:59 PM, Frank Knoben wrote: > On 03/04/2014 05:36 PM, Orion Poplawski wrote: >> On 03/04/2014 04:02 AM, Frank Knoben wrote: >>> When I put the lines in the x2gostartagent script >>> >>> after the >>> >>> XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} >>> >>> line, the permissions will be fixed on login and not on logout. >>> Unfortunately, restorcon sets the permissions to >>> system_u:object_r:default_t:s0 >>> and this does not work on my system. >> >> That's not right. What is your home directory? What does >> matchpathcon $HOME return? >> >> > > matchpathcon $HOME > returns system_u:object_r:default_t:s0 > > I switched the default home location from /home/user to /data/user and > changed the > permissions of /data/user with > chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user Home directories are very special in SELinux - a whole policy tree is built based on the base home directory. Usually this is determined automatically from entries in /etc/password, but I suspect you are using LDAP or similar so that SELinux does not know you use /data/user for home directories. To inform it, you should do: semanage fcontext -a -e /home /data/user This is from /etc/selinux/semanage.conf. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion@cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com From mike.gabriel@das-netzwerkteam.de Wed Mar 5 22:20:48 2014 Received: (at 438) by bugs.x2go.org; 5 Mar 2014 21:20:49 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id B53CE5DB13 for <438@bugs.x2go.org>; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 5B71FB14; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 46FD23BD6B; Wed, 5 Mar 2014 22:20:48 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSZ-iHq8jkdw; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 243033BA7C; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from p5B284D18.dip0.t-ipconnect.de (p5B284D18.dip0.t-ipconnect.de [91.40.77.24]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Wed, 05 Mar 2014 21:20:47 +0000 Date: Wed, 05 Mar 2014 21:20:47 +0000 Message-ID: <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> From: Mike Gabriel To: Orion Poplawski Cc: Frank Knoben , 438@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> <53173F37.5070500@cora.nwra.com> In-Reply-To: <53173F37.5070500@cora.nwra.com> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 91.40.77.24 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_dz7AW1tEd_H1sVqHMhZZUg6"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_dz7AW1tEd_H1sVqHMhZZUg6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: tag -1 not-a-bug Hi Frank, hi Orion, On Mi 05 M=E4r 2014 16:13:59 CET, Orion Poplawski wrote: > On 03/04/2014 11:59 PM, Frank Knoben wrote: >> On 03/04/2014 05:36 PM, Orion Poplawski wrote: >>> On 03/04/2014 04:02 AM, Frank Knoben wrote: >>>> When I put the lines in the x2gostartagent script >>>> >>>> after the >>>> >>>> XAUTHORITY=3D${XAUTHORITY:-"$HOME/.Xauthority"} >>>> >>>> line, the permissions will be fixed on login and not on logout. >>>> Unfortunately, restorcon sets the permissions to >>>> system_u:object_r:default_t:s0 >>>> and this does not work on my system. >>> >>> That's not right. What is your home directory? What does >>> matchpathcon $HOME return? >>> >>> >> >> matchpathcon $HOME >> returns system_u:object_r:default_t:s0 >> >> I switched the default home location from /home/user to /data/user and >> changed the >> permissions of /data/user with >> chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user > > Home directories are very special in SELinux - a whole policy tree is > built based on the base home directory. Usually this is determined > automatically from entries in /etc/password, but I suspect you are using > LDAP or similar so that SELinux does not know you use /data/user for > home directories. To inform it, you should do: > > semanage fcontext -a -e /home /data/user > > This is from /etc/selinux/semanage.conf. @Orion: thanks for giving support on this issue. Do I understand it correctly, that the observed issues are not X2Go=20=20 related,=20but rather caused by a non-default setup? Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_dz7AW1tEd_H1sVqHMhZZUg6 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTF5UvAAoJEJr0azAldxsxQZIP/31mIWmTFgUi9rlVGkrnC2+E mZPeJgiUDaVZB55tS1fOwOaAzbui9gzVKc4R9ZuD2p3y0DXTAwLDM2T5L+p04Skp hNQt2ZfIGeBdRPCYAsoyqBOr60Mx9SLbMs2FsnRBE+pJiLhEGTMY8Dv85tUQH6Jz r1Z0/QnrPH80XmWjQfBk5n0DUw7XanNUyUmrg19IdvWUWahxWbKEn5diwgyafR+2 +efx9c2jb3BMrKNqrpPTf9trHamWZ5zi1dtMsdJdQaeTSCqpkThdzynviN00qJV2 EjkwnSo/nKTVa/MPQGDkiCy2cGoavosjdGLv3uRbin/2LXXFzYHL3PfmNqi4kugL oqs2JwxvEFe9eKWXSdPdvWu/VoCrEY8CJ760qH+leiB8XwgPL38PLn14Cfvjcvig BNupUtX5TP3EyWHRlD7fUr3iYy+jcA5IrOKPc8XgOdPWLnYwBxZQRnmifxeEgcTq D2+E0QTspj2eQTUIE+I6cXUVpUOd2iOb96z9OMKPt3SLiazJVXNdROI6KjumWGju dsPsR1pKO93LkQR6QoB0i1lGN5eUFxVEooWwdtNtjjfYkTFmfgoz+c5VWJOM7fXu xszc4DOMmLHl3dVwNKXlITPTL2zOMOLGIn0e3PsTVUGPd+XlF0QigYymQfkFEVdu Y386590qT5M+/gTt2D2k =I1xl -----END PGP SIGNATURE----- --=_dz7AW1tEd_H1sVqHMhZZUg6-- From orion@cora.nwra.com Wed Mar 5 22:37:40 2014 Received: (at 438) by bugs.x2go.org; 5 Mar 2014 21:37:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165]) by ymir (Postfix) with ESMTPS id AFC235DB13 for <438@bugs.x2go.org>; Wed, 5 Mar 2014 22:37:39 +0100 (CET) Received: from [10.10.20.7] (barry.cora.nwra.com [10.10.20.7]) (authenticated bits=0) by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s25LbbBp026261 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 5 Mar 2014 14:37:37 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com; s=default; t=1394055457; bh=WQyuni3KaQbLZbrz0At93/p3kZb6nFoYN0Hp3JMuIbU=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=O70A+CWtoZir2hzUvkP+R7OSNDcB3QmQ4IRkPnQKr+wZ/wCthWK+IhWyfUKUwauj6 0T1LBWqLMyCd6RHOa9x3H21b+2YR3wL5rIzM41z8lYIe1Tvd6P+cyH0WJKyqP/qDGe hE/EMaKyBXCHtg/wvwJqpzri01mmFBxRUAELxOgg= Message-ID: <53179921.50004@cora.nwra.com> Date: Wed, 05 Mar 2014 14:37:37 -0700 From: Orion Poplawski User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Mike Gabriel CC: Frank Knoben , 438@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> <53173F37.5070500@cora.nwra.com> <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> In-Reply-To: <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit On 03/05/2014 02:20 PM, Mike Gabriel wrote: > Control: tag -1 not-a-bug > > Hi Frank, hi Orion, > > On Mi 05 Mär 2014 16:13:59 CET, Orion Poplawski wrote: >> Home directories are very special in SELinux - a whole policy tree is >> built based on the base home directory. Usually this is determined >> automatically from entries in /etc/password, but I suspect you are using >> LDAP or similar so that SELinux does not know you use /data/user for >> home directories. To inform it, you should do: >> >> semanage fcontext -a -e /home /data/user >> >> This is from /etc/selinux/semanage.conf. > > @Orion: thanks for giving support on this issue. > > Do I understand it correctly, that the observed issues are not X2Go related, > but rather caused by a non-default setup? > > Mike That's certainly my take. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com From frank@igpm.rwth-aachen.de Thu Mar 6 08:16:20 2014 Received: (at 438) by bugs.x2go.org; 6 Mar 2014 07:16:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187]) by ymir (Postfix) with ESMTP id D16EF5DA6C for <438@bugs.x2go.org>; Thu, 6 Mar 2014 08:16:20 +0100 (CET) X-IronPort-AV: E=Sophos;i="4.97,598,1389740400"; d="scan'208";a="174057989" Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1]) by mx-2.rz.rwth-aachen.de with ESMTP; 06 Mar 2014 08:16:21 +0100 Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44]) by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72) (envelope-from ) id 1WLSXU-00082A-FC; Thu, 06 Mar 2014 08:16:20 +0100 Received: from france.igpm.rwth-aachen.de ([134.130.161.63]) by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1WLSXU-000GsV-96; Thu, 06 Mar 2014 08:16:20 +0100 Message-ID: <531820BE.8060203@igpm.rwth-aachen.de> Date: Thu, 06 Mar 2014 08:16:14 +0100 From: Frank Knoben User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Orion Poplawski , Mike Gabriel CC: 438@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> <53173F37.5070500@cora.nwra.com> <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> <53179921.50004@cora.nwra.com> In-Reply-To: <53179921.50004@cora.nwra.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: frank@igpm.rwth-aachen.de Hi Orion, hi Mike, thank you very much for your support and your patience. Sincerly Frank From mike.gabriel@das-netzwerkteam.de Thu Mar 6 08:41:11 2014 Received: (at 438) by bugs.x2go.org; 6 Mar 2014 07:41:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 2588B5DA6C for <438@bugs.x2go.org>; Thu, 6 Mar 2014 08:41:11 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 8AA643F18; Thu, 6 Mar 2014 08:41:10 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 5397B3BACB; Thu, 6 Mar 2014 08:41:10 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6765+ovCg9v; Thu, 6 Mar 2014 08:41:10 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 1C2303BA46; Thu, 6 Mar 2014 08:41:10 +0100 (CET) Received: from listrac.informatik.uni-kiel.de (listrac.informatik.uni-kiel.de [134.245.252.114]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 06 Mar 2014 07:41:09 +0000 Date: Thu, 06 Mar 2014 07:41:09 +0000 Message-ID: <20140306074109.Horde.nmp3I1dMQmp7dNP18_QlHA1@mail.das-netzwerkteam.de> From: Mike Gabriel To: Frank Knoben Cc: Orion Poplawski , 438@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> <53173F37.5070500@cora.nwra.com> <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> <53179921.50004@cora.nwra.com> <531820BE.8060203@igpm.rwth-aachen.de> In-Reply-To: <531820BE.8060203@igpm.rwth-aachen.de> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.252.114 X-Remote-Browser: Mozilla/5.0 (X11; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_Jjbl3ptnU5-wmT92FJFpkA5"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_Jjbl3ptnU5-wmT92FJFpkA5 Content-Type: text/plain; charset=ISO-8859-1; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: close -1 Hi Frank, On Do 06 M=E4r 2014 08:16:14 CET, Frank Knoben wrote: > Hi Orion, hi Mike, > > thank you very much for your support and your patience. > > Sincerly > > Frank You are welcome! Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_Jjbl3ptnU5-wmT92FJFpkA5 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTGCaVAAoJEJr0azAldxsxYBQP/A/0F8HpLMWTdt8gq1HMGqiP /8CSGpKrjc+cAf4dP0KK5ltcfutkjq8e7kXFBzF6bIVV085z5sMCAVYSTKct6lMM 4FTPvkAGwJK/cNYZhi57BUfpxL6IAPiAUW9FMcGyonVwq7Fm23g+p+fTWSwcyMF7 qJocms/HMllSLDNq2kmlze3w7VGo9EPJugFpGSUEeSB7mFSus92VbamU4Ymp5kMX 2zY+CgIZAiXWcLMIuAioaNc226DWdfK7oJbLZ1gsniVaUFXXg3Yc/8azALWPiUfB 53kI60FpFN7rjx12oDQYZuom9hve7qaV0C4rrSJ23bQ79Nmx3XxBMipE6Ik3bxdZ 4OZNjcmCd4uDD648K9NoPc8fx0ARzoQvEY1NhgzQZkvpE+t4/Zc7gft39atP4N+P OGZmjLf13i46bcQQfFb0HSLOHumGypsytM5jGrw8d0fDtGf4e22hnyBnFVcaLHqp mFTkg3ZvNjADFejmivvjeQd3NfQK2HKTeoMkxm+tiFeYj1CrprGMaQNyKKXs/C78 JP0YnYIhydQcXUVChVVnNYGeGAsnZJe0Ww1nKkDEFCgYmOM8NtxxFCRM/YAHccee sMsqsvWc4VxD4FLvMZ0l9NKVVH9RqeX0FKpOqk4zbW+MZUKSD/vZQ2LVIYRVy8ry QWnTWEbZCLsCfOVX8ec5 =8TRu -----END PGP SIGNATURE----- --=_Jjbl3ptnU5-wmT92FJFpkA5-- From unknown Fri Mar 29 07:11:19 2024 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@bugs.x2go.org From: Debbugs Internal Request Subject: Internal Control Message-Id: Bug archived. Date: Fr, 04 Apr 2014 05:24:01 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # Bug archived. thanks # This fakemail brought to you by your local debbugs # administrator