Description of problem: Enabling the Xorg backend is more difficult than it needs to be. This version of xrdp ships with the Xorg backend stanza commented out in /etc/xrdp/xrdp.ini. The user enables the Xorg backend by :- - uncommenting the stanza - installing xorgxrdp. - (on EL8) editing /etc/xrdp/sesman.ini and changing this line:- param=Xorg to:- param=/usr/libexec/Xorg This last of these is not an obvious step. If the last step is not done, the executable /usr/bin/Xorg is executed instead, which chains to /usr/libexec/Xorg.wrap. By default this fails, as the user is not running on the console. Some xrdp users are addressing this by creating /etc/X11/Xwrapper.config and setting 'allowed_users=anybody', which is lowering the overall security of their systems. See for example https://github.com/neutrinolabs/xrdp/issues/1772 This is a request to update the xrdp RPM to incorporate the sesman.ini change, so as not to confuse new users more than necessary. This can be done by appending these lines to xrdp-0.9.9-sesman.patch:- ------ @@ -94,7 +94,7 @@ ; CentOS 7 : param=/usr/bin/Xorg or param=Xorg ; CentOS 8 : param=/usr/libexec/Xorg ; -param=Xorg +param=/usr/libexec/Xorg ; Leave the rest paramaters as-is unless you understand what will happen. param=-config param=xrdp/xorg.conf ------ Version-Release number of selected component (if applicable): 0.9.14-3 How reproducible: Steps to Reproduce: 1. Install xrdp, xrdp-selinux, xorgxrdp RPMs 2. Uncomment the [Xorg] stanza in /etc/srdp/xrdp.ini 3. Start the xrdp and xrdp-sesman services 4. Attempt to connect to the machine remotely Actual results: Blue screen, and no connection Expected results: Session starts Additional info: I'm one of the maintainers of the XRDP project. Implementing this change will reduce the footfall on our github issues page.
Sorry - link to confused user above should be https://github.com/neutrinolabs/xrdp/issues/1750#issuecomment-752178782
When the recommendation was made to add the wrapper config file and when I patched xrdp to work with selinux on Fedora, the above did not work. I'll revisit when I get some time.
FEDORA-EPEL-2020-4f7288b113 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f7288b113
FEDORA-EPEL-2020-4f7288b113 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f7288b113 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2020-4f7288b113 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.