From mike.gabriel@das-netzwerkteam.de Sat May 31 11:54:47 2014 Received: (at 504) by bugs.x2go.org; 31 May 2014 09:54:48 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 2FD675DA79 for <504@bugs.x2go.org>; Sat, 31 May 2014 11:54:47 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id CBFC8E27; Sat, 31 May 2014 11:54:46 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id B02793C816; Sat, 31 May 2014 11:54:46 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fNQo1yHvvmEz; Sat, 31 May 2014 11:54:46 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 78D983BAE1; Sat, 31 May 2014 11:54:46 +0200 (CEST) Received: from pD9E9E817.dip0.t-ipconnect.de (pD9E9E817.dip0.t-ipconnect.de [217.233.232.23]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Sat, 31 May 2014 09:54:46 +0000 Date: Sat, 31 May 2014 09:54:46 +0000 Message-ID: <20140531095446.Horde.Y43yygH35wH2hoTWHOtwVw3@mail.das-netzwerkteam.de> From: Mike Gabriel To: Orion Poplawski , 504@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#504: Fwd: [Bug 1100985] New: x2go clients fail to connect to servers using polyinstantiated /tmp directories References: <5384EA18.7010203@cora.nwra.com> In-Reply-To: <5384EA18.7010203@cora.nwra.com> User-Agent: Internet Messaging Program (IMP) H5 (6.1.7) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 217.233.232.23 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 Iceweasel/29.0.1 Content-Type: multipart/signed; boundary="=_EiSUPoxb2vUYnootL6KTOA9"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_EiSUPoxb2vUYnootL6KTOA9 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: retitle -1 nxagent fails to come up on servers using=20=20 polyinstantiated=20/tmp directories Control: reassign -1 nxagent Control: blocks -1 #406 On Di 27 Mai 2014 21:40:08 CEST, Orion Poplawski wrote: > Package: x2goserver > > > -------- Original Message -------- > Subject: [Bug 1100985] New: x2go clients fail to connect to servers=20=20 >=20using polyinstantiated /tmp directories > Date: Sun, 25 May 2014 00:13:13 +0000 > From: bugzilla@redhat.com > To: orion@cora.nwra.com > > https://bugzilla.redhat.com/show_bug.cgi?id=3D1100985 > > Bug ID: 1100985 > Summary: x2go clients fail to connect to servers using > polyinstantiated /tmp directories > Product: Fedora EPEL > Version: el6 > Component: x2goserver > Assignee: orion@cora.nwra.com > Reporter: rgm+rh@gnu.org > QA Contact: extras-qa@fedoraproject.org > CC: orion@cora.nwra.com > > > > Hi, > > > Description of problem: > > If the RHEL6 host that acts as the server for x2go has enabled=20=20 >=20polyinstantiated > /tmp directories as per > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Lin= ux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html > > then x2go clients cannot connect. They fail with > > The remote proxy closed the connection while negotiating > the session. This may be due to the wrong authentication > credentials passed to the server. > > It seems that x2go needs the directory /tmp/.X11-unix/ to exist, be owned > by root, and be mode 1777. > > > Version-Release number of selected component (if applicable): > > x2goserver-4.0.1.13-4.el6.x86_64 > RHEL 6.5 > > > How reproducible: > > 100%. > > > Steps to Reproduce: > 1. Uncomment the line in /etc/security/namespace.conf that reads: > #/tmp /tmp-inst/ level root,adm > > 2. Try to log in to that host via x2goclient. > > > Actual results: > > x2go fails. > > > Expected results: > > x2go works. > > > Additional info: > > A workaround is to add something like the following to the end of > /etc/security/namespace.init: > > if [ "$1" =3D "/tmp" ]; then > XSOCKDIR=3D/tmp/.X11-unix > if [ ! -d $XSOCKDIR ]; then > mkdir $XSOCKDIR > chmod 1777 $XSOCKDIR > fi > fi > > It would be great if x2go could fix this itself though. > Ideally it would either not need /tmp/.X11-unix, or be able to=20=20 >=20create it itself > when needed. > > > Thanks. --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_EiSUPoxb2vUYnootL6KTOA9 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJTiabmAAoJEJr0azAldxsxraQP/jIC0lC4OPpIooPcdLYF+/uT /KdUyE/jdNSCEXTzEhj9NYU0TMoXxTHj8SxV+stCSer3zNDUmgA+e3vA2IgiNDF9 YlO4YCOJftz+9+dp6U6lJewK9WzHyQCvOWLdpZAo5yN1xeEvxBUel9iFxZC7ASOn 47HsqwkJuinlgbKWeMX6JpfyifmbpamVeN37PWKP8i2lxZQJ36ONUcWHySXZyLiT XErgk0CPdaKXr5ix/vJ72zqX3N1ZN30mMMVXv3QuwxYym2fpMhlnfIQcgoxWJFJg 0jMvAOp+4NCIlHqRknagcq2n7GR4B/KLUqC5wr1XPxLVu64h7vtjBJRh3MNzFGx5 XM824h8OcdUE9XDKzlQx1w8Q3vA0/ALszSuCJIfIT2QKyEKR4ck1jDMvu0w0VGbD J4QDUxAotA7IALFVk+jo31uWsEoLg35nmXPkDLD7Wk/2d/QH4GZKxf++g187MyXu nqxXge6/tfDAyg+5VD+CgIlgdpDgVWhH+WsDuWBqX+1clI67RYkHzbdlBamMdfk4 ZwD/7eDk3759vlE5WpDtJerGQg1k1IAkXJFcnE48i+3SDMMDsDRwlXJTLiyhDRV+ 6LjJFY9VjsaYZFvMj6HaglsGuDXBRycU9yqxxCddJ14oaFyLx4/EQCd7gBSvLM+I wm5jN/fqITUr/ZR2Cqam =/5bD -----END PGP SIGNATURE----- --=_EiSUPoxb2vUYnootL6KTOA9--