systemd vncserver inactive (dead) for non-root users; /home/UserXXX/.vnc permission denied

Hello,
I am having trouble running vncserver on a RHEL 8 machine for all users except root. I have NIS set up, and /home is mounted from another server (that still runs on RHEL 6). When I enable and start vncservice for a specific user, the service goes inactive. I guess it is somehow related to the different location of /home. Respectively, the access to /home/user/.vnc is denied.
I have already tried

restorecon -R -v /home
restorecon -R -v /

as described in solutions/788183 but without any effect.

[root@SPC-SV03 home]# systemctl start vncserver@:81.service
[root@SPC-SV03 home]# systemctl status vncserver@:81.service
● vncserver@:81.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2024-05-02 12:19:03 CEST; 8s ago
  Process: 908497 ExecStart=/usr/libexec/vncsession-start :81 (code=exited, status=0/SUCCESS)
  Process: 908484 ExecStartPre=/usr/libexec/vncsession-restore :81 (code=exited, status=0/SUCCESS)
 Main PID: 908504 (code=exited, status=0/SUCCESS)

May 02 12:19:03 SPC-SV03 systemd[1]: Starting Remote desktop service (VNC)...
May 02 12:19:03 SPC-SV03 systemd[1]: Started Remote desktop service (VNC).
May 02 12:19:03 SPC-SV03 systemd[1]: vncserver@:81.service: Succeeded.

The journal says the following:
I guess most relevant is "Failure creating "/home/UserXXX/.vnc": Permission denied"

[root@SPC-SV03 home]# journalctl -xe | grep vnc
-- Subject: Unit vncserver@:81.service has begun start-up
-- Unit vncserver@:81.service has begun starting up.
May 02 12:19:03 SPC-SV03 vncsession[908504]: pam_unix(tigervnc:session): session opened for user UserXXX by (uid=0)
-- Subject: Unit vncserver@:81.service has finished start-up
-- Unit vncserver@:81.service has finished starting up.
May 02 12:19:03 SPC-SV03 vncsession[908506]: Failure creating "/home/UserXXX/.vnc": Permission denied
May 02 12:19:03 SPC-SV03 vncsession[908504]: vncsession: vncserver exited with status=71
May 02 12:19:03 SPC-SV03 vncsession[908504]: pam_unix(tigervnc:session): session closed for user UserXXX
May 02 12:19:03 SPC-SV03 systemd[1]: vncserver@:81.service: Succeeded.
-- The unit vncserver@:81.service has successfully entered the 'dead' state.
May 02 12:19:07 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. For complete SELinux messages run: sealert -l efd2e1a7-5004-4363-a912-0e1f0cd6f642
May 02 12:19:07 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /.
                                                 If you believe that vncsession should be allowed search access on the  directory by default.
                                                 # ausearch -c 'vncsession' --raw | audit2allow -M my-vncsession
                                                 # semodule -X 300 -i my-vncsession.pp
May 02 12:19:09 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /. For complete SELinux messages run: sealert -l efd2e1a7-5004-4363-a912-0e1f0cd6f642
May 02 12:19:09 SPC-SV03 setroubleshoot[908516]: SELinux is preventing /usr/sbin/vncsession from search access on the directory /.
                                                 If you believe that vncsession should be allowed search access on the  directory by default.
                                                 # ausearch -c 'vncsession' --raw | audit2allow -M my-vncsession
                                                 # semodule -X 300 -i my-vncsession.pp

Thanks a lot for any help.

Responses