Bug 1352262

Summary: xrdp fails to start with permission denied error
Product: [Fedora] Fedora EPEL Reporter: Todd <ToddAndMargo>
Component: xrdpAssignee: Itamar Reis Peixoto <itamar>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: epel7CC: bojan, itamar
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-29 01:18:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Todd 2016-07-03 04:56:34 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=1177202

Also occurs under Scientific Linux 7.2

To quote from bug 1177202:

Description of problem: After booting up, I tried to remote desktop from Windows 8.1 machine to Fedora 21 machine. That failed. Looking at running processes on F21 machine, noticed that there were no xrdp processes running. Expected to see xrdp and xrdp-sesman running. Viewing /var/log/messasges showed these messages:
Dec 23 17:57:16 localhost systemd: Failed at step EXEC spawning /usr/sbin/xrdp-sesman: Permission denied
Dec 23 17:57:16 localhost systemd: Failed at step EXEC spawning /usr/sbin/xrdp: Permission denied
Dec 23 17:57:16 localhost systemd: xrdp-sesman.service: main process exited, code=exited, status=203/EXEC
Dec 23 17:57:16 localhost systemd: Unit xrdp-sesman.service entered failed state.
Dec 23 17:57:16 localhost systemd: xrdp-sesman.service failed.
Dec 23 17:57:16 localhost systemd: xrdp.service: main process exited, code=exited, status=203/EXEC
Dec 23 17:57:16 localhost systemd: Unit xrdp.service entered failed state.
Dec 23 17:57:16 localhost systemd: xrdp.service failed.


Version-Release number of selected component (if applicable):
xrdp-0.6.1-5.fc21.x86_64

How reproducible:
Try to remote desktop (rdp protocol) to F21 machine

Steps to Reproduce:
1. Install xrdp
2. start xrdp service 
3. try to remote desktop from Windows machine to Fedora machine

Actual results:
Attempt to connect fails, /var/log/messages shows errors noted above, no xrdp processes running in Fedora

Expected results:
Attempt to connect succeeds, /var/log/messages shows no errors noted above, xrdp and xrdp-sesman processes running in Fedora

Additional info:
I am running with SELinux enabled. The problem appears to be with the security context of (at least) files /usr/sbin/xrdp and /usr/sbin/xrdp-sesman. The security context of these files, as installed, is "system_u:object_r:unconfined_exec_t:s0". Changing the security context to "unconfined_u:object_r:bin_t:s0" allows the service to start. This modified security context may not be optimal but it at least allows the service to start. If I had to guess the problematic setting is type=unconfined_exec_t.
Comment 1 Itamar Reis Peixoto 2016-10-29 01:18:05 UTC 
please discuss this in #1177202

*** This bug has been marked as a duplicate of bug 1177202 ***