Fedora Release Engineering 34af43db09 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-03 12:48:17 +00:00
.gitignore Bump up to 0.9.9. 2019-01-11 19:12:58 +11:00
openssl.conf Add expanded openssl.conf to sources, use no location in certificate 2017-01-22 22:23:24 -08:00
README.Fedora Bump up to 0.9.3. 2017-08-10 10:42:06 +10:00
sources Bump up to 0.9.9. 2019-01-11 19:12:58 +11:00
xrdp-0.9.2-setpriv.patch Rework starting of Xorg to use setpriv, directly from xrdp. 2017-04-08 16:24:24 +10:00
xrdp-0.9.4-CVE-2017-16927.patch Patch CVE-2017-16927. 2017-11-24 10:53:52 +11:00
xrdp-0.9.4-service.patch Bump up to 0.9.4. 2017-10-06 14:36:47 +11:00
xrdp-0.9.6-script-interpreter.patch Actually add the script interpreter patch. 2018-04-23 15:22:45 +10:00
xrdp-0.9.7-scripts-libexec.patch Bump up to 0.9.7. 2018-07-04 16:38:17 +10:00
xrdp-0.9.9-sesman.patch Fix sesman.ini patch. 2019-01-11 19:22:02 +11:00
xrdp-0.9.9-xrdp-ini.patch Fix xrdp.ini patch. 2019-01-11 19:31:06 +11:00
xrdp-sesman.pamd upgrade to 0.9.0 2015-07-15 14:34:45 -03:00
xrdp.logrotate Fix log file rotation. 2017-02-16 10:02:51 +11:00
xrdp.spec - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 2019-02-03 12:48:17 +00:00
xrdp.sysconfig initial version 2009-08-14 18:01:35 +00:00
xrdp.te Some SELinux policy additions/improvements. 2018-04-22 16:37:17 +10:00

Restarts
========

Service restarts after RPM package upgrades have been disabled on purpose.
This is to avoid a situation where an update is performed from within a
session running on xrdp, which can then cause dnf to only perform part of the
transaction and leave the system in a state that requires further manual
intervention, including removal of duplicate packages etc.

So, it is up to the user/admin to restart the xrdp service after any RPM
package upgrade. This is in line with what other GUI systems like Xorg and
Wayland do.

xorgxrdp
========

On Fedora, /usr/bin/Xorg is a script that starts either
/usr/libexec/Xorg.wrap, which is a SUID binary, or /usr/libexec/Xorg, if the
former does not exist. The xrdp binary makes sure that the SUID bit of the
Xorg.wrap binary is not obeyed.

However, Xorg.wrap presents an additional hurdle: by default, it only allows
users logged into the console to start it.

An Xorg xrdp session started via xorgxrdp will normally run under a user
account that is not logged onto the console. To avoid Xorg.wrap refusing to
run, allow any user to start it by putting the following into
/etc/X11/Xwrapper.config:

allowed_users = anybody

SELinux
=======

Please note that you may need to install the xrdp-selinux package in order to
get the required SELinux policy that will allow xrdp and associated processes
to run successfully if SELinux is enabled.

WARNING: The policy module contains a rule that permits unconfined_service_t
processes to transition into unconfined_t. If xrdp is not the only service
that runs as unconfined_service_t on your system, this policy will allow any
other such service to transition as well.
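
One way to check whether the WARNING above applies to a given host, as an
added example that is not part of the xrdp package: the function filters
"ps -eo label,pid,comm" output for processes in the unconfined_service_t
domain other than xrdp's own. The sample process list is constructed, and
treating command names that begin with "xrdp" as xrdp's own is an assumption.

```shell
#!/bin/sh
# Added example (not shipped with xrdp): find services that would also gain
# the unconfined_service_t -> unconfined_t transition from the policy module.

# Reads "LABEL PID COMMAND" lines on stdin (the format printed by
# "ps -eo label,pid,comm") and prints "PID COMMAND" for every process whose
# SELinux domain is unconfined_service_t and whose command does not start
# with "xrdp" (assumption: xrdp, xrdp-sesman etc. are the expected members).
list_other_unconfined_services() {
    awk '
        {
            # An SELinux label is user:role:type[:level]; element 3 is the domain.
            n = split($1, ctx, ":")
            if (n >= 3 && ctx[3] == "unconfined_service_t" && $3 !~ /^xrdp/)
                print $2, $3
        }'
}

# Constructed sample input, including the header line that ps prints.
sample_ps_output() {
    cat <<'EOF'
LABEL                                                   PID COMMAND
system_u:system_r:unconfined_service_t:s0              1198 xrdp-sesman
system_u:system_r:unconfined_service_t:s0              1201 xrdp
system_u:system_r:sshd_t:s0-s0:c0.c1023                 987 sshd
system_u:system_r:unconfined_service_t:s0              1450 custom-agent
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023  2210 bash
EOF
}

# Demonstration on the constructed sample.
sample_ps_output | list_other_unconfined_services

# On a live system with SELinux enabled:
#   ps -eo label,pid,comm | list_other_unconfined_services
```

Any line printed names a service that the transition rule also covers; an
empty result means only xrdp processes are in that domain.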

TigerVNC >= 1.8.0
=================

TigerVNC 1.8.0 enables clipboard support by default (i.e. no need to run
vncconfig), which may cause disconnections in xrdp. To avoid the issue, add
the following parameters to the [Xvnc] stanza in /etc/xrdp/sesman.ini:

param=-AcceptCutText=0
param=-SendCutText=0
param=-SendPrimary=0
param=-SetPrimary=0

Of course, cut and paste support will not work with these set.

Runlevel
========

If the system is configured to boot into the graphical target, you may
experience problems with xrdp Gnome sessions. To avoid this, switch the
system's default to the multi-user target:

systemctl set-default multi-user.target

Then reboot.