X2Go Bug report logs - #438
x2goserver and rhel6.4 / selinux Problem

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Thu, 27 Feb 2014 09:10:02 UTC

Severity: normal

Tags: moreinfo, not-a-bug

Found in version

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

Message #56 received at 438@bugs.x2go.org (full text, mbox, reply):

Received: (at 438) by bugs.x2go.org; 28 Feb 2014 12:30:38 +0000
From frank@igpm.rwth-aachen.de  Fri Feb 28 13:30:37 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE
	autolearn=ham version=3.3.2
Received: from mx-out-2.rwth-aachen.de (mx-out-2.rwth-aachen.de [])
	by ymir (Postfix) with ESMTP id 4A87D5DB16
	for <438@bugs.x2go.org>; Fri, 28 Feb 2014 13:30:37 +0100 (CET)
X-IronPort-AV: E=Sophos;i="4.97,561,1389740400"; 
Received: from igpm.igpm.rwth-aachen.de ([])
  by mx-2.rz.rwth-aachen.de with ESMTP; 28 Feb 2014 13:30:37 +0100
Received: from indy5.igpm.rwth-aachen.de ([])
	by igpm.igpm.rwth-aachen.de with esmtp (Exim 4.72)
	(envelope-from <frank@igpm.rwth-aachen.de>)
	id 1WJMaL-0002BY-27; Fri, 28 Feb 2014 13:30:37 +0100
Received: from france.igpm.rwth-aachen.de ([])
	by indy5.igpm.rwth-aachen.de with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.72)
	(envelope-from <frank@indy5.igpm.rwth-aachen.de>)
	id 1WJMaK-000D5h-SO; Fri, 28 Feb 2014 13:30:36 +0100
Message-ID: <5310816C.1090202@igpm.rwth-aachen.de>
Date: Fri, 28 Feb 2014 13:30:36 +0100
From: Frank Knoben <admin@igpm.rwth-aachen.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
CC: 438@bugs.x2go.org
Subject: Re: Bug#438: x2goserver and rhel6.4 / selinux Problem
References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de> <53104757.1030306@igpm.rwth-aachen.de> <20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de> <53106F2B.4000507@igpm.rwth-aachen.de> <20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de>
In-Reply-To: <20140228122051.Horde.GZ8FBPgZh6U4xr_vcWozeg4@mail.das-netzwerkteam.de>
Content-Type: multipart/alternative;
Sender: frank@igpm.rwth-aachen.de
[Message part 1 (text/plain, inline)]
Hi Mike,

the file permissions only need to be fixed for the next login.
During startup, the xauth command needs the selinux file permissions
of *unconfined_u:object_r:xauth_home_t:s0* or of 
*unconfined_u:object_r:user_home_t:s0* to the .Xauthority file,
so that it can overwrite the file with the new Xauthority Information.
After that, everything works fine for the session.
At least for my test, where I did login and opened a terminal window.
Maybe I should try opening some more kde and gnome applications.
On my system, it is ok, when the permissions will be fixed at logout time.



On 02/28/2014 01:20 PM, Mike Gabriel wrote:
> Hi Frank,
> On  Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote:
>> Hi Mike,
>> what about the following solution / proposal for the x2goruncommand 
>> script:
>> ....
>> # run logout scripts
>> FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t`
>> if test -n $FIX_AUTH
>> then
>>   /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority
>> fi
>> test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout
>> ...
>> this fixes the selinux file permission in case, it it set to 
>> system_u:object_r:default_t:s0
>> It works on my system.
>> sincerly
>> Frank
> The position where you propose adding the fix does not seem right to 
> me. As the file permissions will stay "wrong" for the duration of the 
> session and will only be corrected after the session has ended.
> Do I understand it correctly, that the file permissions need adaptions 
> directly after session startup (i.e. after launching the session 
> (destop) command)?
> Greets,
> Mike

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Feb 29 01:42:32 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.