[X2Go-Dev] Bug#626: NX agent dies not reliably remove socket files under /tmp/.X11-unix

Horst Schirmeier horst at schirmeier.com
Fri Oct 3 21:47:21 CEST 2014 

OK, to summarize the scenario:
 
 -  A normal user connects, gets the first display :50, runs his
    session.  /tmp/.X50-lock and /tmp/.X11-unix/X50 are owned by this
    user.
 
 -  The user decides to killall -u username -9.  (Don't ask.  The
    actual story was that the logout process didn't complete, and he
    tried to clean up behind him, having accustomed to use kill -9 all
    the time.)
 
 -  This kicks the user's nxagent out of business (the same would happen
    if it simply crashes), which prevents it from cleaning up the
    sockets in /tmp.

 -  Another user connects, and also gets assigned the first display
    (because, for some reason, x2go is convinced it's free again).  His
    x2go processes are not permitted to remove and recreate
    /tmp/.X50-lock and /tmp/.X11-unix/X50, and the window manager dies
    immediately.  All users besides the initial user are locked out of
    x2go from now on.
 
Manual workaround: Remove stale /tmp/.X??-lock and /tmp/.X11-unix/X??.
Apply LART to users of kill -9 against nxagent.

Automatic workaround: x2gocleansessions should probably take care of the
/tmp file removal.  LART will still need to be applied manually.

A "real" fix would move the usual, immediate cleanup step out of the
user's control.  This could, for example, happen by a daemon running as
root, that spawns a nxagent at a user's request, under the user's UID.
Once the nxagent dies (from whatever cause), the daemon's SIGCHLD
handler does the cleanup.  This would also remove the race condition (up
to 2s delay before the sockets are cleaned up; connection of new users
may be impossible in this time window) introduced by the aforementioned
"automatic workaround".

Another, much simpler possibility would be to use randomized/uniqe
socket names instead of the fixed /tmp/.X${DISPLAYNUM}-lock /
/tmp/.X11-unix/X${DISPLAYNUM} scheme.  But I don't know enough about X11
to judge whether this could work.

-- Horst

-- 
PGP-Key 0xD40E0E7A

More information about the x2go-dev mailing list