|
|
2824937 |
Restarts
|
|
|
2824937 |
========
|
|
|
2824937 |
|
|
|
2824937 |
Service restarts after RPM package upgrades have been disabled on purpose.
|
|
|
2824937 |
This is to avoid a situation where an update is performed from within a
|
|
|
2824937 |
session running on xrdp, which can then cause dnf to only perform part of the
|
|
|
2824937 |
transaction and leave the system in a state that requires further manual
|
|
|
2824937 |
intervention, including removal of duplicate packages etc.
|
|
|
2824937 |
|
|
|
2824937 |
So, it will be up to the user/admin to restart xrdp service after any RPM
|
|
|
2824937 |
package upgrade. This is in line with what other GUI systems like Xorg and
|
|
|
2824937 |
Wayland do.
|
|
|
2824937 |
|
|
|
2824937 |
xorgxrdp
|
|
|
2824937 |
========
|
|
|
2824937 |
|
|
|
2824937 |
On Fedora, /usr/bin/Xorg is a script that starts either
|
|
|
2824937 |
/usr/libexec/Xorg.wrap, which is a SUID binary, or /usr/libexec/Xorg, if the
|
|
|
2824937 |
former does not exist. Xrdp binary makes sure that SUID of the Xorg.wrap
|
|
|
2824937 |
binary is not obeyed.
|
|
|
2824937 |
|
|
|
2824937 |
However, the Xorg.wrap has an additional hurdle to clear, because by default,
|
|
|
2824937 |
it will only allow users logged into the console to start it.
|
|
|
2824937 |
|
|
|
2824937 |
So, in order to run the Xorg xrdp session via xrogxrdp, normally a user
|
|
|
2824937 |
account not logged onto the console will be used. To avoid Xorg.wrap refusing
|
|
|
2824937 |
to run, put the following into /etc/X11/Xwrapper.config:
|
|
|
2824937 |
|
|
|
2824937 |
allowed_users = anybody
|
|
|
c89b807 |
|
|
|
c89b807 |
SELinux
|
|
|
c89b807 |
=======
|
|
|
c89b807 |
|
|
|
294ba52 |
Please note that you may need to install xrdp-selinux package in order to get
|
|
|
294ba52 |
the required SELinux policy that will allow xrdp and associated processes to
|
|
|
294ba52 |
run successfully if SELinux is enabled.
|
|
|
294ba52 |
|
|
|
294ba52 |
WARNING: The policy module contains a rule that permits unconfined_service_t
|
|
|
294ba52 |
processes to transition into unconfined_t. If xrdp is not the only service
|
|
|
294ba52 |
that runs as unconfined_service_t on your system, this policy will allow any
|
|
|
294ba52 |
other such service to transition as well.
|
|
|
12a8dc2 |
|
|
|
12a8dc2 |
TigerVNC >= 1.8.0
|
|
|
12a8dc2 |
=================
|
|
|
12a8dc2 |
|
|
|
12a8dc2 |
TigerVNC 1.8.0 enables clipboard support by default (i.e. no need to run
|
|
|
12a8dc2 |
vncconfig), which may cause disconnections in xrdp. To avoid the issue, these
|
|
|
12a8dc2 |
can be added to [Xvnc] stanza in /etc/xrdp/sesman.ini:
|
|
|
12a8dc2 |
|
|
|
12a8dc2 |
param=-AcceptCutText=0
|
|
|
12a8dc2 |
param=-SendCutText=0
|
|
|
12a8dc2 |
param=-SendPrimary=0
|
|
|
12a8dc2 |
param=-SetPrimary=0
|
|
|
12a8dc2 |
|
|
|
12a8dc2 |
Of course, cut and paste support will not work with these set.
|
|
|
f5708ae |
|
|
|
f5708ae |
Runlevel
|
|
|
f5708ae |
========
|
|
|
f5708ae |
|
|
|
f5708ae |
If the system is configured to boot into graphical target, you may experience
|
|
|
f5708ae |
problems with xrdp Gnome sessions. In order to avoid this, put the system into
|
|
|
f5708ae |
multi user target. Like this:
|
|
|
f5708ae |
|
|
|
f5708ae |
systemctl set-default multi-user.target
|
|
|
f5708ae |
|
|
|
f5708ae |
Then reboot.
|