I did some more experiments last night and found that if you boot with the
Grub parameter 'selinux=0' and then login as a user and then go to Gnome by
typing 'startx', you are then able to shutdown the system from the Gnome
buttons - even though you are only a user.
Keep in mind that under these conditions, you don't get any of the
advantages of selinux.
This is probably not what you want to happen in the long run.
BobG
On Tue, 11 May 2004 10:04:07 +0200 Matthew East wrote:>Hi Bob, thanks for
your mail. Am replying just to you because I guess
that I might annoy the list, as you say, it is not an selinux issue.
Sorry about that!
I thought I had tried to set selinux to permissive before shutting down
from gnome, and it had worked, but I've tried it just now and it's the
same story. So I guess I'll just try and remove the buttons from gnome,
at least that way it will be tidier. I saw some threads on the
fedora-list about that so I'll go and read up. ;)
thanks again.
Matt
On Mon, 2004-05-10 at 18:36, Bob Gustafson wrote:
> Hi
>
> I get that same thing.
>
> Have you tried to do a 'setenforce 0' as root just before you do a Gnome
> shutdown?
>
> I tried that just now and it still halted at the console prompt (I boot
> into run level 3 and then do a 'startx' as user to go to Gnome after boot
> up)
>
> A few weeks ago, I could shutdown from the Gnome menu, but perhaps that was
> a bug in Gnome. A user should not be able to shutdown the system (!!).
>
> When I am at the console prompt and try to do '/sbin/shutdown -r now', I
> get the message now that only root can shutdown (this is proper).
>
> Whether a user can shut down from the Gnome menu seems to be not a selinux
> issue, but just a normal security 'tighterning up' - independent of selinux.
>
> BobG
>
>
>
> >Hi,
> >
> >The shutdown or reboot buttons from the gnome menu do not work as user
> >when selinux is in enforcing mode. I get the error "unknown user" and
it
> >kicks me to the gdm login screen. I'm sure this is an easy one for you
> >guys, and I have seen the question pop up on some other lists, but have
> >not found a satisfactory answer. Hope you can help!!
> >
> >thanks, Matt