[X2Go-Dev] Bug#504: Fwd: [Bug 1100985] New: x2go clients fail to connect to servers using polyinstantiated /tmp directories

Orion Poplawski orion at cora.nwra.com
Tue May 27 21:40:08 CEST 2014 

Package: x2goserver


-------- Original Message --------
Subject: [Bug 1100985] New: x2go clients fail to connect to servers using 
polyinstantiated /tmp directories
Date: Sun, 25 May 2014 00:13:13 +0000
From: bugzilla at redhat.com
To: orion at cora.nwra.com

https://bugzilla.redhat.com/show_bug.cgi?id=1100985

             Bug ID: 1100985
            Summary: x2go clients fail to connect to servers using
                     polyinstantiated /tmp directories
            Product: Fedora EPEL
            Version: el6
          Component: x2goserver
           Assignee: orion at cora.nwra.com
           Reporter: rgm+rh at gnu.org
         QA Contact: extras-qa at fedoraproject.org
                 CC: orion at cora.nwra.com



Hi,


Description of problem:

If the RHEL6 host that acts as the server for x2go has enabled polyinstantiated
/tmp directories as per

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html

then x2go clients cannot connect. They fail with

   The remote proxy closed the connection while negotiating
   the session. This may be due to the wrong authentication
   credentials passed to the server.

It seems that x2go needs the directory /tmp/.X11-unix/ to exist, be owned
by root, and be mode 1777.


Version-Release number of selected component (if applicable):

x2goserver-4.0.1.13-4.el6.x86_64
RHEL 6.5


How reproducible:

100%.


Steps to Reproduce:
1. Uncomment the line in /etc/security/namespace.conf that reads:
#/tmp     /tmp-inst/           level      root,adm

2. Try to log in to that host via x2goclient.


Actual results:

x2go fails.


Expected results:

x2go works.


Additional info:

A workaround is to add something like the following to the end of
/etc/security/namespace.init:

if [ "$1" = "/tmp" ]; then
     XSOCKDIR=/tmp/.X11-unix
     if [ ! -d $XSOCKDIR ]; then
         mkdir $XSOCKDIR
         chmod 1777 $XSOCKDIR
     fi
fi

It would be great if x2go could fix this itself though.
Ideally it would either not need /tmp/.X11-unix, or be able to create it itself
when needed.


Thanks.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the x2go-dev mailing list