X2Go Bug report logs - #438
x2goserver and rhel6.4 / selinux Problem

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Thu, 27 Feb 2014 09:10:02 UTC

Severity: normal

Tags: moreinfo, not-a-bug

Found in version

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

Message #86 received at 438@bugs.x2go.org (full text, mbox, reply):

Received: (at 438) by bugs.x2go.org; 5 Mar 2014 15:14:07 +0000
From orion@cora.nwra.com  Wed Mar  5 16:14:06 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID,
	URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail.cora.nwra.com (mercury.cora.nwra.com [])
	by ymir (Postfix) with ESMTPS id 44BF55DB13
	for <438@bugs.x2go.org>; Wed,  5 Mar 2014 16:14:06 +0100 (CET)
Received: from pacas.cora.nwra.com (75-171-160-68.hlrn.qwest.net [])
	(authenticated bits=0)
	by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s25FDxw4026643
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Wed, 5 Mar 2014 08:14:02 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com;
	s=default; t=1394032443;
Message-ID: <53173F37.5070500@cora.nwra.com>
Date: Wed, 05 Mar 2014 08:13:59 -0700
From: Orion Poplawski <orion@cora.nwra.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Frank Knoben <admin@igpm.rwth-aachen.de>, 438@bugs.x2go.org,
        Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Subject: Re: [X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem
References: <20140227153048.Horde.6X5oZyCn2oTDQtFl7KQMCQ1@mail.das-netzwerkteam.de>	<53104757.1030306@igpm.rwth-aachen.de>	<20140228092446.Horde.K_uiZqFdCvK-Jq-K84gzwg6@mail.das-netzwerkteam.de>	<53106F2B.4000507@igpm.rwth-aachen.de>	<20140228120038.Horde.dl33bCBmwwHgj0u6OwNIwA1@mail.das-netzwerkteam.de> <53107DED.6080206@igpm.rwth-aachen.de> <53111696.8050600@cora.nwra.com> <5315B2CE.6000500@igpm.rwth-aachen.de> <531600FA.2010902@cora.nwra.com> <5316CB3A.6090507@igpm.rwth-aachen.de>
In-Reply-To: <5316CB3A.6090507@igpm.rwth-aachen.de>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
On 03/04/2014 11:59 PM, Frank Knoben wrote:
> On 03/04/2014 05:36 PM, Orion Poplawski wrote:
>> On 03/04/2014 04:02 AM, Frank Knoben wrote:
>>> When I put the lines in the x2gostartagent script
>>> after the
>>> line, the permissions will be fixed on login and not on logout.
>>> Unfortunately, restorcon sets the permissions to
>>> system_u:object_r:default_t:s0
>>> and this does not work on my system.
>> That's not right.  What is your home directory?  What does
>> matchpathcon $HOME return?
> matchpathcon  $HOME
> returns system_u:object_r:default_t:s0
> I switched the default home location from /home/user to /data/user and
> changed the
> permissions of /data/user with
> chcon -R unconfined_u:object_r:user_home_dir_t:s0 /data/user

Home directories are very special in SELinux - a whole policy tree is
built based on the base home directory.  Usually this is determined
automatically from entries in /etc/password, but I suspect you are using
LDAP or similar so that SELinux does not know you use /data/user for
home directories.  To inform it, you should do:

semanage fcontext -a -e /home /data/user

This is from /etc/selinux/semanage.conf.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion@cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Feb 29 02:42:11 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.