From mike.gabriel@das-netzwerkteam.de Wed Mar 5 22:20:48 2014 Received: (at 438) by bugs.x2go.org; 5 Mar 2014 21:20:49 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id B53CE5DB13 for <438@bugs.x2go.org>; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 5B71FB14; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 46FD23BD6B; Wed, 5 Mar 2014 22:20:48 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSZ-iHq8jkdw; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 243033BA7C; Wed, 5 Mar 2014 22:20:48 +0100 (CET) Received: from p5B284D18.dip0.t-ipconnect.de (p5B284D18.dip0.t-ipconnect.de [91.40.77.24]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Wed, 05 Mar 2014 21:20:47 +0000 Date: Wed, 05 Mar 2014 21:20:47 +0000 Message-ID: <20140305212047.Horde.IvbGyx6rg59uVJrAkv1erw2@mail.das-netzwerkteam.de> From: Mike Gabriel To: Orion Poplawski Cc: Frank Knoben , 438@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de> <53173F37.5070500@cora.nwra.com> In-Reply-To: <53173F37.5070500@cora.nwra.com> User-Agent: Internet Messaging Program (IMP) H5 (6.1.4) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 91.40.77.24 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Iceweasel/26.0 Content-Type: multipart/signed; boundary="=_dz7AW1tEd_H1sVqHMhZZUg6"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_dz7AW1tEd_H1sVqHMhZZUg6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: tag -1 not-a-bug Hi Frank, hi Orion, On Mi 05 M=E4r 2014 16:13:59 CET, Orion Poplawski wrote: > On 03/04/2014 11:59 PM, Frank Knoben wrote: >> On 03/04/2014 05:36 PM, Orion Poplawski wrote: >>> On 03/04/2014 04:02 AM, Frank Knoben wrote: >>>> When I put the lines in the x2gostartagent script >>>> >>>> after the >>>> >>>> XAUTHORITY=3D${XAUTHORITY:-"$HOME/.Xauthority"} >>>> >>>> line, the permissions will be fixed on login and not on logout. >>>> Unfortunately, restorcon sets the permissions to >>>> system_u:object_r:default_t:s0 >>>> and this does not work on my system. >>> >>> That's not right. What is your home directory? What does >>> matchpathcon $HOME return? >>> >>> >> >> matchpathcon $HOME >> returns system_u:object_r:default_t:s0 >> >> I switched the default home location from /home/user to /data/user and >> changed the >> permissions of /data/user with >> chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user > > Home directories are very special in SELinux - a whole policy tree is > built based on the base home directory. Usually this is determined > automatically from entries in /etc/password, but I suspect you are using > LDAP or similar so that SELinux does not know you use /data/user for > home directories. To inform it, you should do: > > semanage fcontext -a -e /home /data/user > > This is from /etc/selinux/semanage.conf. @Orion: thanks for giving support on this issue. Do I understand it correctly, that the observed issues are not X2Go=20=20 related,=20but rather caused by a non-default setup? Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_dz7AW1tEd_H1sVqHMhZZUg6 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTF5UvAAoJEJr0azAldxsxQZIP/31mIWmTFgUi9rlVGkrnC2+E mZPeJgiUDaVZB55tS1fOwOaAzbui9gzVKc4R9ZuD2p3y0DXTAwLDM2T5L+p04Skp hNQt2ZfIGeBdRPCYAsoyqBOr60Mx9SLbMs2FsnRBE+pJiLhEGTMY8Dv85tUQH6Jz r1Z0/QnrPH80XmWjQfBk5n0DUw7XanNUyUmrg19IdvWUWahxWbKEn5diwgyafR+2 +efx9c2jb3BMrKNqrpPTf9trHamWZ5zi1dtMsdJdQaeTSCqpkThdzynviN00qJV2 EjkwnSo/nKTVa/MPQGDkiCy2cGoavosjdGLv3uRbin/2LXXFzYHL3PfmNqi4kugL oqs2JwxvEFe9eKWXSdPdvWu/VoCrEY8CJ760qH+leiB8XwgPL38PLn14Cfvjcvig BNupUtX5TP3EyWHRlD7fUr3iYy+jcA5IrOKPc8XgOdPWLnYwBxZQRnmifxeEgcTq D2+E0QTspj2eQTUIE+I6cXUVpUOd2iOb96z9OMKPt3SLiazJVXNdROI6KjumWGju dsPsR1pKO93LkQR6QoB0i1lGN5eUFxVEooWwdtNtjjfYkTFmfgoz+c5VWJOM7fXu xszc4DOMmLHl3dVwNKXlITPTL2zOMOLGIn0e3PsTVUGPd+XlF0QigYymQfkFEVdu Y386590qT5M+/gTt2D2k =I1xl -----END PGP SIGNATURE----- --=_dz7AW1tEd_H1sVqHMhZZUg6--