X2Go Bug report logs - #438
x2goserver and rhel6.4 / selinux Problem

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Thu, 27 Feb 2014 09:10:02 UTC

Severity: normal

Tags: moreinfo, not-a-bug

Found in version 4.0.1.13

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#438: x2goserver and rhel6.4 / selinux Problem
Reply-To: Frank Knoben <admin@igpm.rwth-aachen.de>, 438@bugs.x2go.org
Resent-From: Frank Knoben <admin@igpm.rwth-aachen.de>
Original-Sender: frank@igpm.rwth-aachen.de
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Fri, 28 Feb 2014 12:20:01 +0000
Resent-Message-ID: <handler.438.B438.139358974319121@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 438
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: moreinfo
Received: via spool by 438-submit@bugs.x2go.org id=B438.139358974319121
          (code B ref 438); Fri, 28 Feb 2014 12:20:01 +0000
Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:15:43 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.2
Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [134.130.5.187])
	by ymir (Postfix) with ESMTP id 985825DB16
	for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:15:42 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; 
   d="scan'208";a="173279018"
Received: from igpm.igpm.rwth-aachen.de ([134.130.161.1])
  by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 13:15:42 +0100
Received: from indy5.igpm.rwth-aachen.de ([134.130.161.44])
	by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72)
	(envelope-from <frank@igpm.rwth-aachen.de>)
	id 1WJMLu-0001db-7R; Fri, 28 Feb 2014 13:15:42 +0100
Received: from france.igpm.rwth-aachen.de ([134.130.161.63])
	by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.72)
	(envelope-from <frank@indy5.igpm.rwth-aachen.de>)
	id 1WJMLu-000Cjp-1S; Fri, 28 Feb 2014 13:15:42 +0100
Message-ID: <53107DED.6080206@igpm.rwth-aachen.de>
Date: Fri, 28 Feb 2014 13:15:41 +0100
From: Frank Knoben <admin@igpm.rwth-aachen.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
CC: 438@bugs.x2go.org
References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de>
In-Reply-To: <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: frank@igpm.rwth-aachen.de
Hi Mike,

what about the following solution / proposal for the x2goruncommand script:


....
# run logout scripts

FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t`
if test -n $FIX_AUTH
then
  /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority
fi


test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout

...

this fixes the selinux file permission in case, it it set to 
system_u:object_r:default_t:s0
It works on my system.

sincerly

Frank

On 02/28/2014 01:00 PM, Mike Gabriel wrote:
> Hi Frank,
>
> On  Fr 28 Feb 2014 12:12:43 CET, Frank Knoben wrote:
>
>> Hi Mike,
>>
>> thank you very much for the proposal, where I could fix the problem 
>> for my system.
>> But I still have to think, how to make a permanent workaround in the 
>> x2gostartagent script.
>>
>> - if I use icewm windowmanager with selinux and x2goserver / 
>> x2goclient everything is fine and the .Xauthority file has the right 
>> permissions
>> - if I use the kde or gnome  windowmanager the .Xauthority 
>> permissions will be modified to the wrong permissions
>> - when the home directory is on a nfsserver with no selinux installed 
>> and the x2goserver system uses selinux, there is no problem at all.
>>   Trying to fix the selinux permissions will give the error message 
>> 'Operation not supported'
>>
>> So I think, it is a problem of the kde and gnome windowmanager.
>> For the kde windowmanager, I put a chcon statement at the end of the 
>> /usr/bin/startkde script.
>> I'm still looking for a workaround for the gnome windowmanager.
>>
>> Sincerly
>>
>> Frank
>>
>
> Thanks for this heavy debugging.
>
> I will be fine with adding such magic into x2gostartagent (or 
> x2goruncommand). But we need to be as detailled and explicit on the 
> how and when.
>
> Get back to me, once you have more insights.
>
> Mike

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Dec 13 10:34:49 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.