Subject: Bug#438: x2goserver and rhel6.4 / selinux Problem
From: Frank Knoben
To: Mike Gabriel
CC: 438@bugs.x2go.org
Date: Fri, 28 Feb 2014 14:56:43 +0100

Hi Mike,

I gave some more thought to your remark that the position is the wrong one. And you were right. On a system where users work interactively at an attached screen and use x2go for accessing the system remotely, the fix won't work at that position. There it should be just before the .Xauthority file is accessed. I will see on Tuesday whether I can find that position.

Sincerely,
Frank

On 28.02.2014 13:20, Mike Gabriel wrote:
> Hi Frank,
>
> On Fr 28 Feb 2014 13:15:41 CET, Frank Knoben wrote:
>
>> Hi Mike,
>>
>> what about the following solution / proposal for the x2goruncommand
>> script:
>>
>>
>> ....
>> # run logout scripts
>>
>> # relabel .Xauthority only if it currently carries the default_t type
>> FIX_XAUTH=`ls -Z "$HOME/.Xauthority" | egrep default_t`
>> if test -n "$FIX_XAUTH"
>> then
>> /usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 "$HOME/.Xauthority"
>> fi
>>
>>
>> test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout
>>
>> ...
>>
>> this fixes the selinux file permission in case it is set to
>> system_u:object_r:default_t:s0
>> It works on my system.
>>
>> Sincerely,
>>
>> Frank
>
> The position where you propose adding the fix does not seem right to
> me. As the file permissions will stay "wrong" for the duration of the
> session and will only be corrected after the session has ended.
>
> Do I understand it correctly, that the file permissions need adaptions
> directly after session startup (i.e. after launching the session
> (desktop) command)?
>
> Greets,
> Mike
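
The check discussed in this thread, written as an added example (not code from X2Go or from either poster): it reads the type field of the file's SELinux context instead of grepping `ls -Z` output, and relabels only when that type is `default_t`. The function names are hypothetical, the target context is the one quoted in the thread, and `stat -c %C` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: relabel ~/.Xauthority only when its SELinux type is default_t.
# Function names are hypothetical; the target context is the one from the thread.
XAUTH_CONTEXT="unconfined_u:object_r:xauth_home_t:s0"

# Print the type field of a context string "user:role:type[:level]".
# The level can itself contain colons (e.g. s0:c0.c1023), so only the
# first two fields are stripped before cutting at the next colon.
selinux_type() {
    ctx=$1
    case $ctx in
        *:*:*) ;;            # at least user:role:type
        *) return 1 ;;       # "?" or empty: no usable context
    esac
    rest=${ctx#*:}           # drop user
    rest=${rest#*:}          # drop role
    printf '%s\n' "${rest%%:*}"
}

# True only when the context's type is exactly default_t.
# Matching the field avoids false hits on file names or other fields
# that merely contain the substring "default_t".
needs_xauth_relabel() {
    [ "$(selinux_type "$1")" = "default_t" ]
}

# Relabel the given file (default: ~/.Xauthority) if it needs it.
# Does nothing when the file is missing or no context can be read.
fix_xauthority_label() {
    file=${1:-$HOME/.Xauthority}
    [ -e "$file" ] || return 0
    ctx=$(stat -c %C "$file" 2>/dev/null) || return 0
    if needs_xauth_relabel "$ctx"; then
        chcon "$XAUTH_CONTEXT" "$file"
    fi
}
```

Calling `fix_xauthority_label` just before the session first accesses `.Xauthority` matches the placement described in the reply above.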