1352262 – xrdp fails to start with permission denied error

Bug 1352262 - xrdp fails to start with permission denied error

Summary: xrdp fails to start with permission denied error

Keywords:
Status:	CLOSED DUPLICATE of bug 1177202
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	xrdp
Sub Component:
Version:	epel7
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Itamar Reis Peixoto
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-03 04:56 UTC by Todd
Modified:	2016-10-29 01:18 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-10-29 01:18:05 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Todd 2016-07-03 04:56:34 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=1177202

Also occurs under Scientific Linux 7.2

To quote from bug 1177202:

Description of problem: After booting up, I tried to remote desktop from Windows 8.1 machine to Fedora 21 machine. That failed. Looking at running processes on F21 machine, noticed that there were no xrdp processes running. Expected to see xrdp and xrdp-sesman running. Viewing /var/log/messasges showed these messages:
Dec 23 17:57:16 localhost systemd: Failed at step EXEC spawning /usr/sbin/xrdp-sesman: Permission denied
Dec 23 17:57:16 localhost systemd: Failed at step EXEC spawning /usr/sbin/xrdp: Permission denied
Dec 23 17:57:16 localhost systemd: xrdp-sesman.service: main process exited, code=exited, status=203/EXEC
Dec 23 17:57:16 localhost systemd: Unit xrdp-sesman.service entered failed state.
Dec 23 17:57:16 localhost systemd: xrdp-sesman.service failed.
Dec 23 17:57:16 localhost systemd: xrdp.service: main process exited, code=exited, status=203/EXEC
Dec 23 17:57:16 localhost systemd: Unit xrdp.service entered failed state.
Dec 23 17:57:16 localhost systemd: xrdp.service failed.

Version-Release number of selected component (if applicable):
xrdp-0.6.1-5.fc21.x86_64

How reproducible:
Try to remote desktop (rdp protocol) to F21 machine

Steps to Reproduce:
1. Install xrdp
2. start xrdp service
3. try to remote desktop from Windows machine to Fedora machine

Actual results:
Attempt to connect fails, /var/log/messages shows errors noted above, no xrdp processes running in Fedora

Expected results:
Attempt to connect succeeds, /var/log/messages shows no errors noted above, xrdp and xrdp-sesman processes running in Fedora

Additional info:
I am running with SELinux enabled. The problem appears to be with the security context of (at least) files /usr/sbin/xrdp and /usr/sbin/xrdp-sesman. The security context of these files, as installed, is "system_u:object_r:unconfined_exec_t:s0". Changing the security context to "unconfined_u:object_r:bin_t:s0" allows the service to start. This modified security context may not be optimal but it at least allows the service to start. If I had to guess the problematic setting is type=unconfined_exec_t.

Comment 1 Itamar Reis Peixoto 2016-10-29 01:18:05 UTC

please discuss this in #1177202

*** This bug has been marked as a duplicate of bug 1177202 ***

Note You need to log in before you can comment on or make changes to this bug.