You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Bojan Smojver 3f2b82ce95 Update to 0.9.23. CVE-2023-40184. 4 weeks ago
.gitignore Update to 0.9.23. CVE-2023-40184. 4 weeks ago
README.Fedora Adjust README.Fedora file (do not use wrapper for Xorg any more). 3 years ago
openssl.conf Add expanded openssl.conf to sources, use no location in certificate 7 years ago
sources Update to 0.9.23. CVE-2023-40184. 4 weeks ago
xrdp-0.9.4-service.patch Bump up to 0.9.4. 6 years ago
xrdp-0.9.6-script-interpreter.patch Actually add the script interpreter patch. 6 years ago
xrdp-0.9.9-sesman.patch Fix sesman.ini patch. 5 years ago
xrdp-0.9.10-scripts-libexec.patch Fix syntax errors in the scripts path patch. 4 years ago
xrdp-0.9.16-arch.patch Adjust arch patch. 2 years ago
xrdp-0.9.17-xrdp-ini.patch Adjust xrdp.ini patch. 2 years ago
xrdp-0.9.18-vnc-uninit.patch Adjust vnc.c patch for 0.9.18. 2 years ago
xrdp-0.9.20-sesman-ini.patch Bump up to 0.9.20 1 year ago
xrdp- Remove C99 loop initialisation on EPEL7. 4 months ago
xrdp-polkit-1.rules README.Fedora: VSOCK support. 4 years ago
xrdp-sesman.pamd upgrade to 0.9.0 8 years ago
xrdp.logrotate Remove daily and compress from logrotate file (BZ #1977175). 2 years ago
xrdp.spec Update to 0.9.23. CVE-2023-40184. 4 weeks ago
xrdp.sysconfig initial version 14 years ago
xrdp.te Remove setpriv patch and adjust SELinux policy to match. 3 years ago



Service restarts after RPM package upgrades have been disabled on purpose.
This is to avoid a situation where an update is performed from within a
session running on xrdp, which can then cause dnf to only perform part of the
transaction and leave the system in a state that requires further manual
intervention, including removal of duplicate packages etc.

So, it will be up to the user/admin to restart xrdp service after any RPM
package upgrade. This is in line with what other GUI systems like Xorg and
Wayland do.


Note that xorgxrdp is not installed and configured by default. Each build
depends on specific binary version of Xorg, which tends to create very strict
installation dependencies that can be an inconvenience in EPEL.


Please note that you may need to install xrdp-selinux package in order to get
the required SELinux policy that will allow xrdp and associated processes to
run successfully if SELinux is enabled. On versions of Fedora and RHEL that
support weak dependencies, xrdp-selinux will be a recommended package.

WARNING: The policy module contains a rule that permits unconfined_service_t
processes to transition into unconfined_t. If xrdp is not the only service
that runs as unconfined_service_t on your system, this policy will allow any
other such service to transition as well.

Default configuration in /etc/pam.d/xrdp-sesman uses password-auth for auth,
account, password and session. This may result in an incorrect context for
the processes in the session. Please adjust this file to match your desktop
environment. An example for Gnome desktop is given in the file.

TigerVNC >= 1.8.0

TigerVNC 1.8.0 enables clipboard support by default (i.e. no need to run
vncconfig), which may cause disconnections in xrdp. To avoid the issue, these
can be added to [Xvnc] stanza in /etc/xrdp/sesman.ini:


Of course, cut and paste support will not work with these set.


If the system is configured to boot into graphical target, you may experience
problems with xrdp Gnome sessions. In order to avoid this, put the system into
multi user target. Like this:

systemctl set-default

Then reboot.

An example of a how to set up xrdp with VSOCK can be found here:

Please note that polkit rules for active sessions, allowing access to colord
and repository updates are already shipped, but in a current, JavaScript