Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Pablo Escobar
    @pescobar001_twitter
    @matt335672 I think the easy solution for me would be to do the fuse mounts in the local file system outside the home folders but that's not possible yet, right?
    I will try your suggested workaround later today and I will let you know how it goes (I am quite busy now with an urgent stuff I have to deliver)
    Derek Schrock
    @derekschrock
    @pescobar001_twitter You can also edit /etc/fuse.conf and set max mount to 0
    mount_max = 0
    Pablo Escobar
    @pescobar001_twitter
    @derekschrock then I would lose the copy&paste functionality right?
    Derek Schrock
    @derekschrock
    I don't think so.
    Pablo Escobar
    @pescobar001_twitter
    I thought the fuse mounts were also used for copy&paste functionality. In fact I saw a folder named like ~/.thinclient_drives/clipboard
    but I will give it a try setting the fuse max mounts to 0 and see what happens
    thanks for the hint
    Derek Schrock
    @derekschrock
    I think it'
    I think it's jsut copy/paste of files
    Pablo Escobar
    @pescobar001_twitter
    oh I see
    I don't need that, I only need that my users can copy&paste strings
    that would be a good workaround by now
    Derek Schrock
    @derekschrock
    But having fuse, with nfs root squashed nfs home dirs caused us problems then we foudn that if we just disable all fuse mounts it fixed any issues with fuse/fusermount
    I would opt for not enabling fuse in xrdp totally
    I'd assume you're using fuse from EPEL?
    I think there's a fix upstream for fusermount to be usable whiel setuid'ed in the fuse project but I could never get it to work
    Pablo Escobar
    @pescobar001_twitter
    yes, I am using EPEL
    Derek Schrock
    @derekschrock
    libfuse/libfuse#376
    Pablo Escobar
    @pescobar001_twitter
    yes, I suffered that one too
    matt335672
    @matt335672

    Hi both.

    Considering #1048 which is being worked on, can either of you see any mileage in adding an extra option to simply disable the mount? I can look into that.

    Pablo Escobar
    @pescobar001_twitter
    @matt335672 I will try to completely disable the fuse mounts in /etc/fuse.conf and I will let you know if this workarounds the issue
    (tomorrow)
    Pablo Escobar
    @pescobar001_twitter
    @matt335672 @derekschrock I verified that adding mount_max = 0 to /etc/fuse.conf in the server running xrdp workarounds the problem. The fuse mount is not created and still my user can copy&paste text
    I have updated issue #1048 with the workaround in case it's helpful for others
    thanks everyone for the help :)
    metalefty
    @metalefty
    hi everyone. some corporate users in japan also wants to disable fuse function completely without rebuilding xrdp.
    i think it is worth to implement. let’s start it.
    Derek Schrock
    @derekschrock
    I agree. Much better for it to be a runtime seting than a build time setting.
    Pablo Escobar
    @pescobar001_twitter
    indeed
    matt335672
    @matt335672
    I'll build it into #1048 - thanks all.
    aquesnel
    @aquesnel
    hi, I'm looking into writing a simple rdp test client to be able exercise xrdp features in a test environment, and I'd like to contribute this test client to the project. Rather than writing a client from scratch I was planning on using FreeRDP, and I saw that the NeutrinoRDP module in xrdp already has a dependency on the NeutrinoRDP library which is itself a fork of FreeRDP 1.0.1. I saw that NeutrinoRDP hasn't merged pull requests in several years and seems to be inactive.
    My question is: does anyone have a recommendation for using the existing NeutrinoRDP library vs adding a new dependency of FreeRDP 2.2.0 (latest stable)?
    metalefty
    @metalefty
    I +1 to FreeRDP.
    NeutrinoRDP has a histroical reason why it is forked from FreeRDP
    but it no longer has any advantage to FreeRDP.
    See also neutrinolabs/xrdp#1338
    aquesnel
    @aquesnel
    Thanks
    metzk4
    @metzk4
    Hi all! Wondering what the framerate is for XRDP?
    geweizi
    @geweizi
    hi
    metalefty
    @metalefty
    @matt335672 Since the development is relatively active than before thanks to your work. I don't see your work from corner to corner. Can you also update the NEWS wiki?
    I meant let's write draft release notes for the next release day by day.
    matt335672
    @matt335672
    OK - I'll try to keep an update going to the NEWS wiki too.
    matt335672
    @matt335672
    @metalefty - I've brought the NEWS wiki page up-to-date I think. I'll update it after each PR.
    metalefty
    @metalefty
    thank you so much
    matt335672
    @matt335672

    @metalefty - I've been looking at #1684 recently. The design choices made by the systemd team are requiring the PAM auth and session code to be called from the same process, which currently isn't the case - at the moment the auth code is called from the main sesman process and the session code is called from the first fork() process.

    That's relatively simple to fix for the SCP V0 code, but a bit messy. The SCP V1 code is harder. This code also has a denial-of-service problem I've just found which I'll send you privately.

    I've had a look back through the git logs for SCP V1, and nothing significant has happened to it since 2008, when you made some changes.

    My proposal at the moment is to disable the V1 code we're not using and fix the V0 code for #1684. After that, I think a bigger change is required to use separate forked processes to handle all authentication requests as part of an improved V1 API. This will let us implement things like password changes and proper 2FA, but will take a bit longer to implement and be more disruptive.

    How does that sound to you?

    metalefty
    @metalefty
    Actually, I'm not involved in SCP. Most work is done before I joined xrdp development.
    metalefty
    @metalefty
    As far as I see the commit logs, Jay, Laxmikant Rashinkar and ilsimo did most work on SCP. I've never talked Rashinkar and ilsimo.
    metalefty
    @metalefty
    Unfortunately, it appears they except Jay has already left xrdp project. Jay is still the owner of the project but he recently focuses on RDP protocol implementation such as GFX. We can / need to decide by ourselves how we redesign SCP. I agree with disabling the V1 code and fix up the V0 code. I think we can name the SCPv0 based bran-new code SCPv2.
    matt335672
    @matt335672

    OK - thanks for the clarification.

    I'm happy to stick with the current way of doing things with SCP V2, but I was wondering if you had any thoughts on maybe using a more modern style protocol based on something like JSON. We don't need a lot of performance from the sesman interface. The disadvantage would be more dependencies, but we'd gain (potentially) an interface that's easier to debug and tools could be written in a scripting language which might make the whole project a bit more accessible.

    I don't personally have any particular technologies to suggest or recommend in this area. At the moment I'm just interested in what your thoughts are.

    Meanwhile I'll get on with a fix for V0 and disabling V1.