From unknown Wed Apr 15 07:52:25 2026 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#505 closed by Mike Gabriel (X2Go issue (in src:nx-libs) has been marked as closed) Message-ID: References: <20140630122439.7A1085DB60@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 505 X-X2go-PR-Package: nxproxy X-X2go-PR-Source: nx-libs Date: Mon, 30 Jun 2014 12:25:14 +0000 Content-Type: multipart/mixed; boundary="----------=_1404131114-4630-0" This is a multi-part message in MIME format... ------------=_1404131114-4630-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the nxproxy package: #505: nxproxy fails to access /tmp/.X11-unix when /tmp It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1404131114-4630-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 30 Jun 2014 12:24:54 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 7A1085DB60; Mon, 30 Jun 2014 14:24:39 +0200 (CEST) From: Mike Gabriel To: 505-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 505@bugs.x2go.org Subject: X2Go issue (in src:nx-libs) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20140630122439.7A1085DB60@ymir.das-netzwerkteam.de> Date: Mon, 30 Jun 2014 14:24:39 +0200 (CEST) close #505 thanks Hello, we are very hopeful that X2Go issue #505 reported by you has been resolved in the new release (2:3.5.0.25) of the X2Go source project »src:nx-libs«. You can view the complete changelog entry of src:nx-libs (2:3.5.0.25) below, and you can use the following link to view all the code changes between this and the last release of src:nx-libs. http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=8d4317e7e4fccbe6906c5ba57b8d0101868f92f3;hp=460a3cb3911bbfb717d0259947fe05f68d964948 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:nx-libs. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:nx-libs Version: 2:3.5.0.25-0x2go1 Status: RELEASE Date: Mon, 30 Jun 2014 14:05:46 +0200 Fixes: 40 339 490 504 505 515 516 Changes: nx-libs (2:3.5.0.25-0x2go1) RELEASED; urgency=low . [ Mihai Moldovan ] * Add 029_nxcomp_ppc64.full+lite.patch. Fix sockaddr handling on Big Endian systems (like PPC64). (Fixes: #515). * Add 057_nx-X11_sanitize-eventmasks.full.patch. Fix failures in session windows coming up on Big Endian systems like PPC64. (Fixes: #516). * Improve 105_nxagent_export-remote-keyboard-config.full.patch. Don't print out nonsensical information, if there really was no error when creating the keyboard file or the other way around. Also add the reason when failing to create the keyboard file. Only print an error message if SessionPath *really* is not defined. * Improve 028_nx-X11_abstract-kernel-sockets.full.patch. Make it more Big Endian robust by assigning correct types for socklen_t objects. * Add 990_fix-DEBUG-and-TEST-builds.full.patch. Fix debug builds (e.g. when globally setting -DDEBUG and -DTEST at build time). . [ Nito Martínez ] * Add 212_nxcomp_build-on-Android.patch. Fix FTBFS of nxproxy/nxcomp when build against the Android system. (Fixes: #339). . [ Oleksandr Shneyder ] * Add 210_nxagent_nxcomp_save_session_state.full+lite.patch. Save session state in path specified by "state" option in agent options file. If option is omitted, session state will not be saved. Session states are: STARTING, RUNNING, SUSPENDING, SUSPENDED, RESUMING, TERMINATING, TERMINATED. * Add 211_nxcomp_set_default_options.full+lite.patch. Set default arguments for options 'link' and 'pack' to avoid session damage by resuming with incorrect options file. . [ Mike Gabriel ] * Add 606_nx-X11_build-on-aarch64.full.patch. Build on aarch64 architectures. (Fixes: #490). * Add 027_nxcomp_abstract-X11-socket.full+lite.patch. In proxy mode "server" let NX proxy attempt connecting to the abstract X11 socket first, and only fallback to the file system socket, if the abstract socket is not available. (Fixes: #505). * Add 028_nx-X11_abstract-kernel-sockets.full.patch. Provide abstract local socket support for Linux based systems. This patch pulls in abstract socket relevant code from xtrans 1.2.7. (Fixes: #504). * Add 302_nx-X11_xkbbasedir-detection.patch. For detecting XkbBaseDir test for xkb/rules/base instead of testing for deprecated file xkb/keymap.dir. (Fixes: #40). * Add 206_nxagent_clipboard-as-nxoption.full.patch. Make the clipboard option configurable in nxagent via NX options as addition to the command line parameter -clipboard. Note that the command line parameter overrides the clipboard NX option. Possible values are both or 1, client, server, none or 0. . * Update patches, to make them apply cleanly after above changes: + 220_nxproxy-bind-loopback-only.full+lite.patch + 016_nx-X11_install-location.debian.patch + 056_nx-X11-Werror-format-security.full.patch + 108_nxagent_wine-close-delay.full.patch + 300_nxagent_set-wm-class.full.patch + 320_nxagent_configurable-keystrokes.full.patch . * Rename patches to match our naming scheme: + 008_nxcomp_sa-restorer.full+lite.patch + 009_nxagent_add-man-page.full.patch + 009_nxproxy_add-man-page.full+lite.patch + 056_nx-X11_Werror-format-security.full.patch + 209_x2goagent_add-man-page.full.patch + 220_nxproxy_bind-loopback-only.full+lite.patch ------------=_1404131114-4630-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 27 May 2014 19:40:25 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id BDE683D166 for ; Tue, 27 May 2014 21:40:24 +0200 (CEST) Received: from [10.10.20.7] (barry.cora.nwra.com [10.10.20.7]) (authenticated bits=0) by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s4RJeN38016194 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 27 May 2014 13:40:23 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com; s=default; t=1401219623; bh=LyKtNgv5SUZB0/CSb6BMnyAoUXfJTqxnkibaOktbW3A=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=ciGA566IPHuyWHpAUAHo5utaJF5hdk0O+vJQ8aeiriCPEuuQ8ixOFIZeIJn7Rmpez 2raCFUCBchwO6I3asFAdZVffw+V7QOxdWBEENFaDP/WfGvnW5IMFXYKd5FkZY7PfsQ +/i7thT/NIUCz61q/H2YeoOnrzh5wk9BtJo0UsDk= Message-ID: <5384EA27.8010303@cora.nwra.com> Date: Tue, 27 May 2014 13:40:23 -0600 From: Orion Poplawski User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: Fwd: [Bug 1101726] New: x2goclient fails on hosts using polyinstantiated /tmp directories References: In-Reply-To: X-Forwarded-Message-Id: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Package: x2goclient -------- Original Message -------- Subject: [Bug 1101726] New: x2goclient fails on hosts using polyinstantiated /tmp directories Date: Tue, 27 May 2014 19:38:53 +0000 From: bugzilla@redhat.com To: orion@cora.nwra.com https://bugzilla.redhat.com/show_bug.cgi?id=1101726 Bug ID: 1101726 Summary: x2goclient fails on hosts using polyinstantiated /tmp directories Product: Fedora EPEL Version: el6 Component: x2goclient Assignee: orion@cora.nwra.com Reporter: rgm+rh@gnu.org QA Contact: extras-qa@fedoraproject.org CC: orion@cora.nwra.com Hi, Description of problem: This is like bug#1100985, but whereas that was an issue with x2goserver, this is an issue with the client. If the host on which the client runs has enabled polyinstantiated /tmp directories as per https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html then x2goclient cannot connect to anywhere (even if the host that it tries to connect to has a "normal" /tmp). It seems it cannot find the /tmp/.X11-unix/X0 socket on the local host. It should be able to work with X's abstract namespace socket rather than requiring the old filesystem socket. Version-Release number of selected component (if applicable): x2goclient-4.0.1.4-1.el6.x86_64 RHEL 6.5 How reproducible: 100% Steps to Reproduce: 1. Uncomment the line in /etc/security/namespace.conf that reads: #/tmp /tmp-inst/ level root,adm Apply the workaround from bug#1100985 so that /tmp/.X11-unix gets created in the user's /tmp directory (or for testing simply create it by hand with the right permissions). 2. Start a new desktop session as a normal user. Observe that /tmp/.X11-unix/X0 does not exist in that user session. 3. Try to connect anywhere using x2goclient. Actual results: x2go fails with a message of the form: ServerProxy: WARNING! Connection to ':0.0' failed with error 'No such file or directory'. Expected results: x2go works. Additional info: There seems to be no clean way to fix this. RHEL5 had some commented-out example code in /etc/security/namespace.init that was designed for this kind of problem: # If you intend to polyinstantiate /tmp and you also want to use the X windows # environment, you will have to use this script to bind mount the socket that # is used by the X server to communicate with its clients. X server places # this socket in /tmp/.X11-unix directory, which will get obscured by # polyinstantiation. Uncommenting the following lines will bind mount # the relevant directory at an alternative location (/.tmp/.X11-unix) such # that the X server, window manager and X clients, can still find the # socket X0 at the polyinstanted /tmp/.X11-unix. # #if [ $1 = /tmp ]; then # if [ ! -f /.tmp/.X11-unix ]; then # mkdir -p /.tmp/.X11-unix # fi # mount --bind /tmp/.X11-unix /.tmp/.X11-unix # cp -fp -- /tmp/.X0-lock "$2/.X0-lock" # mkdir -- "$2/.X11-unix" # ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0" #fi By experiment, this does not seem to work in RHEL6. It seems that when the namespace.init script runs, the real /tmp is already hidden. If you run the bind mount part at startup, then just make the link in namespace.init, it seems to work, but this is rather ugly. It would be better if x2go would just work. It seems that other X applications were fixed in RHEL6 to not need the workaround. See eg bug#598671, which says that applications should look for X's abstract namespace socket first, before falling back to the old filesystem socket /tmp/.X11-unix/X0. Thanks. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. ------------=_1404131114-4630-0--