[X2Go-Dev] Bug#438: x2goserver and rhel6.4 / selinux Problem
Frank Knoben
admin at igpm.rwth-aachen.de
Fri Feb 28 13:15:41 CET 2014
Hi Mike,
what about the following solution / proposal for the x2goruncommand script:
....
# run logout scripts
FIX_XAUTH=`ls -Z $HOME/.Xauthority | egrep default_t`
if test -n $FIX_AUTH
then
/usr/bin/chcon unconfined_u:object_r:xauth_home_t:s0 $HOME/.Xauthority
fi
test -r /etc/x2go/x2go_logout && . /etc/x2go/x2go_logout
...
this fixes the selinux file permission in case, it it set to
system_u:object_r:default_t:s0
It works on my system.
sincerly
Frank
On 02/28/2014 01:00 PM, Mike Gabriel wrote:
> Hi Frank,
>
> On Fr 28 Feb 2014 12:12:43 CET, Frank Knoben wrote:
>
>> Hi Mike,
>>
>> thank you very much for the proposal, where I could fix the problem
>> for my system.
>> But I still have to think, how to make a permanent workaround in the
>> x2gostartagent script.
>>
>> - if I use icewm windowmanager with selinux and x2goserver /
>> x2goclient everything is fine and the .Xauthority file has the right
>> permissions
>> - if I use the kde or gnome windowmanager the .Xauthority
>> permissions will be modified to the wrong permissions
>> - when the home directory is on a nfsserver with no selinux installed
>> and the x2goserver system uses selinux, there is no problem at all.
>> Trying to fix the selinux permissions will give the error message
>> 'Operation not supported'
>>
>> So I think, it is a problem of the kde and gnome windowmanager.
>> For the kde windowmanager, I put a chcon statement at the end of the
>> /usr/bin/startkde script.
>> I'm still looking for a workaround for the gnome windowmanager.
>>
>> Sincerly
>>
>> Frank
>>
>
> Thanks for this heavy debugging.
>
> I will be fine with adding such magic into x2gostartagent (or
> x2goruncommand). But we need to be as detailled and explicit on the
> how and when.
>
> Get back to me, once you have more insights.
>
> Mike
More information about the x2go-dev
mailing list