From: Orion Poplawski
Date: Wed, 05 Mar 2014 08:13:59 -0700
To: Frank Knoben, 438@bugs.x2go.org, x2go-dev@lists.berlios.de, Mike Gabriel
Subject: Bug#438: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem
Message-ID: <53173F37.5070500@cora.nwra.com>
In-Reply-To: <5316CB3A.6090507@igpm.rwth-aachen.de>

On 03/04/2014 11:59 PM, Frank Knoben wrote:
> On 03/04/2014 05:36 PM, Orion Poplawski wrote:
>> On 03/04/2014 04:02 AM, Frank Knoben wrote:
>>> When I put the lines in the x2gostartagent script
>>>
>>> after the
>>>
>>> XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"}
>>>
>>> line, the permissions will be fixed on login and not on logout.
>>> Unfortunately, restorcon sets the permissions to
>>> system_u:object_r:default_t:s0
>>> and this does not work on my system.
>>
>> That's not right. What is your home directory? What does
>> matchpathcon $HOME return?
>>
>>
>
> matchpathcon $HOME
> returns system_u:object_r:default_t:s0
>
> I switched the default home location from /home/user to /data/user and
> changed the
> permissions of /data/user with
> chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user

Home directories are very special in SELinux - a whole policy tree is built
based on the base home directory. Usually this is determined automatically
from entries in /etc/password, but I suspect you are using LDAP or similar so
that SELinux does not know you use /data/user for home directories. To inform
it, you should do:

semanage fcontext -a -e /home /data/user

This is from /etc/selinux/semanage.conf.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion@cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com
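
A simplified model of why `matchpathcon` reports `default_t` for a relocated home directory and what the equivalence rule in the message changes, as an added example that is not part of the original message or of SELinux's own code. The file-context entries, the user name `alice` and the function names are constructed for illustration, and the model assumes `/data/user` is the parent directory that holds the home directories.

```python
import re

# Constructed, simplified file-context entries modelled on the home-directory
# rules of a targeted policy (not copied from a real system).
# Ordered general to specific; in this model the LAST matching entry wins.
FILE_CONTEXTS = [
    (r"/.*", "system_u:object_r:default_t:s0"),
    (r"/home", "system_u:object_r:home_root_t:s0"),
    (r"/home/[^/]+", "unconfined_u:object_r:user_home_dir_t:s0"),
    (r"/home/[^/]+/.+", "unconfined_u:object_r:user_home_t:s0"),
    (r"/home/[^/]+/\.Xauthority.*", "unconfined_u:object_r:xauth_home_t:s0"),
]


def apply_equivalence(path, subs):
    """Rewrite `path` if it is at or below an alias listed in `subs`.

    `subs` maps alias -> original, which is the effect of
    `semanage fcontext -a -e ORIGINAL ALIAS`. The alias must end on a
    path-component boundary, so /data/users is not rewritten by /data/user.
    """
    for alias, original in subs.items():
        if path == alias or path.startswith(alias + "/"):
            return original + path[len(alias):]
    return path


def lookup(path, subs=None):
    """Return the default context for `path` (simplified matchpathcon)."""
    path = apply_equivalence(path, subs or {})
    label = None
    for pattern, context in FILE_CONTEXTS:
        if re.fullmatch(pattern, path):
            label = context  # later, more specific entries override
    return label


if __name__ == "__main__":
    rule = {"/data/user": "/home"}  # semanage fcontext -a -e /home /data/user
    for p in ("/data/user", "/data/user/alice", "/data/user/alice/.Xauthority"):
        print(p, "| before:", lookup(p), "| after:", lookup(p, rule))
```

Without the rule every path under `/data/user` falls through to the catch-all entry, which is why a relabel resets a manually applied `chcon` label to `default_t`; with the rule the same paths inherit the `/home` tree's labels.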