1100985 – x2go clients fail to connect to servers using polyinstantiated /tmp directories

Bug 1100985 - x2go clients fail to connect to servers using polyinstantiated /tmp directories

Summary: x2go clients fail to connect to servers using polyinstantiated /tmp directories

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	nx-libs
Sub Component:
Version:	el6
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Orion Poplawski
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	http://bugs.x2go.org/cgi-bin/bugrepor...
Whiteboard:
Duplicates (1):	1101726 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-25 00:13 UTC by Glenn Morris
Modified:	2014-07-23 22:41 UTC (History)
CC List:	1 user (show)
Fixed In Version:	nx-libs-3.5.0.27-1.el6
Clone Of:
Environment:
Last Closed:	2014-07-23 22:41:33 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Glenn Morris 2014-05-25 00:13:13 UTC

Hi,


Description of problem:

If the RHEL6 host that acts as the server for x2go has enabled polyinstantiated /tmp directories as per

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html

then x2go clients cannot connect. They fail with

  The remote proxy closed the connection while negotiating
  the session. This may be due to the wrong authentication
  credentials passed to the server.

It seems that x2go needs the directory /tmp/.X11-unix/ to exist, be owned
by root, and be mode 1777.


Version-Release number of selected component (if applicable):

x2goserver-4.0.1.13-4.el6.x86_64
RHEL 6.5


How reproducible:

100%.


Steps to Reproduce:
1. Uncomment the line in /etc/security/namespace.conf that reads:
#/tmp     /tmp-inst/       	level      root,adm

2. Try to log in to that host via x2goclient.


Actual results:

x2go fails.


Expected results:

x2go works.


Additional info:

A workaround is to add something like the following to the end of
/etc/security/namespace.init:

if [ "$1" = "/tmp" ]; then
    XSOCKDIR=/tmp/.X11-unix
    if [ ! -d $XSOCKDIR ]; then
        mkdir $XSOCKDIR
        chmod 1777 $XSOCKDIR
    fi
fi

It would be great if x2go could fix this itself though.
Ideally it would either not need /tmp/.X11-unix, or be able to create it itself
when needed.


Thanks.

Comment 1 Orion Poplawski 2014-05-27 19:48:32 UTC

Passed on to upstream for now.  Will try to take a look at it sometime if they don't get to it first.

Comment 2 Orion Poplawski 2014-06-23 20:00:13 UTC

Please test the builds from here:

http://koji.fedoraproject.org/koji/taskinfo?taskID=7069091

Hopefully it will fix both of these issues.

Comment 3 Glenn Morris 2014-06-25 01:11:02 UTC

> http://koji.fedoraproject.org/koji/taskinfo?taskID=7069091

Seems to work for me. Thanks!

Comment 4 Orion Poplawski 2014-06-25 20:38:28 UTC

*** Bug 1101726 has been marked as a duplicate of this bug. ***

Comment 5 Orion Poplawski 2014-06-25 20:39:57 UTC

I believe upstream will be releasing a new version shortly.  Will push that when released.

Comment 6 Fedora Update System 2014-07-09 04:07:35 UTC

nx-libs-3.5.0.27-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/nx-libs-3.5.0.27-1.el6

Comment 7 Fedora Update System 2014-07-23 22:41:33 UTC

nx-libs-3.5.0.27-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.