Hi Mike, On Fri, Apr 01, 2011 at 10:31:51AM +0200, Mike Gabriel wrote: > Sorry, I mixed both systems up. I want to refer to SELinux... I haven't > work with any of them, and only know them from reading. However, I think > the time being invested by someone in a wrapper script (->Dick...) it > could be an alternative option to invest time into SELinux investigation > and a generic configuration that hardens the security of an X2go > server...
Well, a generic SELinux (or apparmor) config should allow user level access to the whole system, it might constrain root access. If root access is not allowed through X2Go, some other remote management solution needs to be used. If only X2Go sessions are affected, SSH will still work. Anyway, using something like X2Go for remote management (e.g. to access some GUI configuration tools) seems to me to be a valid use case of X2Go. Mike, I don't want to discourage you from investigating the SELinux/apparmor/SMACK/TOMOYO/... way of increasing X2Go security, I just don't think it is the right approach for Dick's use case. Dedicated X2Go user accounts with a forced (wrapper) command (via authorized_keys) seems to be a better fit IMHO. Regards, Erik -- Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ auersw...@fg-networking.de Tel: +49-631-4149988-0 Fax: +49-631-4149988-9 Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 _______________________________________________ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
