Bug 1101726 - x2goclient fails on hosts using polyinstantiated /tmp directories
Summary: x2goclient fails on hosts using polyinstantiated /tmp directories
Keywords:
Status: CLOSED DUPLICATE of bug 1100985
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: x2goclient
Version: el6
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Orion Poplawski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-05-27 19:38 UTC by Glenn Morris
Modified: 2014-06-25 20:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-25 20:38:28 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Glenn Morris 2014-05-27 19:38:53 UTC 
Hi,


Description of problem:

This is like bug#1100985, but whereas that was an issue with x2goserver, this is an issue with the client.

If the host on which the client runs has enabled polyinstantiated /tmp directories as per

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html

then x2goclient cannot connect to anywhere (even if the host that it tries to connect to has a "normal" /tmp). It seems it cannot find the /tmp/.X11-unix/X0 socket on the local host. It should be able to work with X's abstract namespace socket rather than requiring the old filesystem socket.


Version-Release number of selected component (if applicable):

x2goclient-4.0.1.4-1.el6.x86_64
RHEL 6.5


How reproducible:

100%


Steps to Reproduce:
1. Uncomment the line in /etc/security/namespace.conf that reads:
#/tmp     /tmp-inst/       	level      root,adm

Apply the workaround from bug#1100985 so that /tmp/.X11-unix gets created
in the user's /tmp directory (or for testing simply create it by hand with the right permissions).

2. Start a new desktop session as a normal user. Observe that /tmp/.X11-unix/X0 does not exist in that user session.


3. Try to connect anywhere using x2goclient.


Actual results:

x2go fails with a message of the form:
   ServerProxy: WARNING! Connection to ':0.0' failed with error 'No such file   or directory'.


Expected results:

x2go works.


Additional info:

There seems to be no clean way to fix this. RHEL5 had some commented-out example code in /etc/security/namespace.init that was designed for this kind of problem:

# If you intend to polyinstantiate /tmp and you also want to use the X windows
# environment, you will have to use this script to bind mount the socket that
# is used by the X server to communicate with its clients. X server places
# this socket in /tmp/.X11-unix directory, which will get obscured by
# polyinstantiation. Uncommenting the following lines will bind mount
# the relevant directory at an alternative location (/.tmp/.X11-unix) such
# that the X server, window manager and X clients, can still find the
# socket X0 at the polyinstanted /tmp/.X11-unix.
#
#if [ $1 = /tmp ]; then
#       if [ ! -f /.tmp/.X11-unix ]; then
#               mkdir -p /.tmp/.X11-unix
#       fi
#       mount --bind /tmp/.X11-unix /.tmp/.X11-unix
#       cp -fp -- /tmp/.X0-lock "$2/.X0-lock"
#       mkdir -- "$2/.X11-unix"
#       ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0"
#fi


By experiment, this does not seem to work in RHEL6. It seems that when the namespace.init script runs, the real /tmp is already hidden.

If you run the bind mount part at startup, then just make the link in namespace.init, it seems to work, but this is rather ugly.
It would be better if x2go would just work. It seems that other X applications were fixed in RHEL6 to not need the workaround.
See eg bug#598671, which says that applications should look for X's abstract namespace socket first, before falling back to the old filesystem socket
/tmp/.X11-unix/X0.

Thanks.
Comment 1 Orion Poplawski 2014-06-25 20:38:28 UTC 

*** This bug has been marked as a duplicate of bug 1100985 ***
Note You need to log in before you can comment on or make changes to this bug.