Bug 1780839

Summary: Wrong content of tigervnc systemd files
Product: [Fedora] Fedora
Reporter: Gunnar Thielebein <gunnar_thielebein>
Component: tigervnc
Assignee: Jan Grulich <jgrulich>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 30
CC: fedora, jgrulich, twaugh, vonsch
Fixed In Version: tigervnc-1.10.0-2.fc31 tigervnc-1.10.1-1.fc30
Last Closed: 2019-12-12 01:54:18 UTC
Type: Bug

Description Gunnar Thielebein 2019-12-07 14:16:37 UTC
Description of problem:

After installation of tigervnc in Fedora 30 one can find some example systemd files shipped in /usr/lib/systemd/system/:

```
find / -regex ".*vnc.*\.\(service\|socket\)"
find: ‘/run/user/1000/gvfs’: Permission denied
/usr/lib/systemd/system/xvnc@.service
/usr/lib/systemd/system/xvnc.socket
/usr/lib/systemd/system/vncserver@.service
/usr/lib/systemd/user/vncserver@.service
```

The `xvnc@.service` file contains some X11 display configuration.

The `xvnc.socket` file contains what looks like the xvnc@.service content.

The `vncserver@.service` files in systemd/user and systemd/system look correct
at first sight.

Version-Release number of selected component (if applicable):

```
$ rpm --query -f /usr/lib/systemd/system/xvnc@.service
tigervnc-server-1.10.0-1.fc30.x86_64
```

How reproducible:

Always.

Steps to Reproduce:
1. Install tigervnc
2. Check socket file /usr/lib/systemd/system/xvnc.socket
3. Check /usr/lib/systemd/system/xvnc@.service

Actual results:

Content of the service file:

```
cat /usr/lib/systemd/system/xvnc@.service
# This file contains configuration of libvnc.so module
#
# To get libvnc.so module working, do this:
# 1. run "vncpasswd" from tigervnc-server package as root user
# 2. uncomment configuration lines below
#
# Please note you can specify any option which Xvnc accepts.
# Refer to `Xvnc -help` output for detailed list of options.

#Section "Module"
#    Load "vnc"
#EndSection

#Section "Screen"
#    Identifier "Screen0"
#    DefaultDepth 16
#    Option "SecurityTypes" "VncAuth"
#    Option "PasswordFile" "/root/.vnc/passwd"
#EndSection
```

Content of the socket file:

```
$ cat /usr/lib/systemd/system/xvnc.socket
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/xvnc@.service
# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable xvnc.socket`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=XVNC Per-Connection Daemon

[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
User=nobody
StandardInput=socket
StandardError=syslog
```


Expected results:

Content of the service file should look like:

```
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/xvnc@.service
# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable xvnc.socket`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=XVNC Per-Connection Daemon

[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
User=nobody
StandardInput=socket
StandardError=syslog
```

Content of the socket file should look similar to the content of the Archlinux article: https://wiki.archlinux.org/index.php/Tightvnc#On_demand_multi-user_mode

```
# /etc/systemd/system/xvnc.socket

[Unit]
Description=XVNC Server

[Socket]
ListenStream=5900
Accept=yes

[Install]
WantedBy=sockets.target
```
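
The following check is an added example, not part of the original report or of the tigervnc package. It parses an `xvnc.socket` / `xvnc@.service` pair, flags the content mix-up described above, and flags a `ListenStream=` that is not loopback-only while the service runs Xvnc with `-SecurityTypes=None`, which is the exposure the unit's own comments warn about. The function names and the abbreviated sample strings are constructed for illustration.

```python
import configparser

# Constructed samples, abbreviated from the file contents quoted in the report.
SERVICE_BODY = """[Unit]
Description=XVNC Per-Connection Daemon
[Service]
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -once -SecurityTypes=None
StandardInput=socket
"""
XORG_SNIPPET = """# This file contains configuration of libvnc.so module
#Section "Module"
#    Load "vnc"
#EndSection
"""
SOCKET_BODY = """[Unit]
Description=XVNC Server
[Socket]
ListenStream=5900
Accept=yes
"""
# Section and key each unit type must carry to do its job.
REQUIRED = {"xvnc.socket": ("Socket", "ListenStream"),
            "xvnc@.service": ("Service", "ExecStart")}

def parse_unit(text):
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    return cp

def is_loopback(listen):
    # Filesystem ("/") and abstract ("@") sockets are local; a bare port binds all interfaces.
    host = listen.rpartition(":")[0].strip("[]")
    return listen.startswith(("/", "@")) or host in ("127.0.0.1", "::1")

def audit_pair(socket_text, service_text):
    """Return findings for an xvnc.socket / xvnc@.service pair."""
    findings, units = [], {}
    for name, text in (("xvnc.socket", socket_text), ("xvnc@.service", service_text)):
        units[name] = parse_unit(text)
        section, key = REQUIRED[name]
        if not units[name].has_option(section, key):
            findings.append(f"{name}: no {key}= in [{section}], wrong file content")
    listen = units["xvnc.socket"].get("Socket", "ListenStream", fallback=None)
    exec_start = units["xvnc@.service"].get("Service", "ExecStart", fallback="")
    if listen and "-securitytypes=none" in exec_start.lower() and not is_loopback(listen):
        findings.append(f"ListenStream={listen} is not loopback-only but Xvnc runs with -SecurityTypes=None")
    return findings
```

`audit_pair(SERVICE_BODY, XORG_SNIPPET)` models the files as shipped in tigervnc-server-1.10.0-1.fc30, and `audit_pair(SOCKET_BODY, SERVICE_BODY)` models the expected layout, which still yields the exposure finding until `ListenStream=` is bound to `127.0.0.1:5900`.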

Comment 1 Fedora Update System 2019-12-10 08:34:15 UTC
FEDORA-2019-8bcab526a8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8bcab526a8

Comment 2 Fedora Update System 2019-12-10 08:34:16 UTC
FEDORA-2019-60932d345a has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-60932d345a

Comment 3 Fedora Update System 2019-12-11 01:04:10 UTC
tigervnc-1.10.0-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8bcab526a8

Comment 4 Fedora Update System 2019-12-11 01:41:34 UTC
tigervnc-1.10.0-2.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-60932d345a

Comment 5 Fedora Update System 2019-12-12 01:54:18 UTC
tigervnc-1.10.0-2.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2019-12-21 01:26:57 UTC
tigervnc-1.10.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8005476e72

Comment 7 Fedora Update System 2020-01-04 22:15:18 UTC
tigervnc-1.10.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.