I did some more experiments last night and found that if you boot with the Grub parameter 'selinux=0' and then login as a user and then go to Gnome by typing 'startx', you are then able to shutdown the system from the Gnome buttons - even though you are only a user.
Keep in mind that under these conditions, you don't get any of the advantages of selinux.
This is probably not what you want to happen in the long run.
BobG
On Tue, 11 May 2004 10:04:07 +0200 Matthew East wrote:>Hi Bob, thanks for your mail. Am replying just to you because I guess
that I might annoy the list, as you say, it is not an selinux issue.
Sorry about that!
I thought I had tried to set selinux to permissive before shutting down from gnome, and it had worked, but I've tried it just now and it's the same story. So I guess I'll just try and remove the buttons from gnome, at least that way it will be tidier. I saw some threads on the fedora-list about that so I'll go and read up. ;)
thanks again.
Matt
On Mon, 2004-05-10 at 18:36, Bob Gustafson wrote:
Hi
I get that same thing.
Have you tried to do a 'setenforce 0' as root just before you do a Gnome shutdown?
I tried that just now and it still halted at the console prompt (I boot into run level 3 and then do a 'startx' as user to go to Gnome after boot up)
A few weeks ago, I could shutdown from the Gnome menu, but perhaps that was a bug in Gnome. A user should not be able to shutdown the system (!!).
When I am at the console prompt and try to do '/sbin/shutdown -r now', I get the message now that only root can shutdown (this is proper).
Whether a user can shut down from the Gnome menu seems to be not a selinux issue, but just a normal security 'tighterning up' - independent of selinux.
BobG
Hi,
The shutdown or reboot buttons from the gnome menu do not work as user when selinux is in enforcing mode. I get the error "unknown user" and it kicks me to the gdm login screen. I'm sure this is an easy one for you guys, and I have seen the question pop up on some other lists, but have not found a satisfactory answer. Hope you can help!!
thanks, Matt