On Fri, 2005-12-16 at 18:11 -0800, Daniel B. Thurman wrote:
With the new SELinux updates, it appears that root,
other than normal users can login to Fedora via VNC
Server? My VNC Server is setup such that I am using
xinitd for VNC Server requests.
Another problem I noticed is that when I log into my
Fedora system via VNC as root user, and open a xterm
window and run a su - <normal-user>, I get back a
SElinux message:
================================================
# su - dan
Your default context is: user_u:system_r:kernel_t.
Do you want to want to choose a different one? [n]
================================================
It is *possible* that this problem came up when
I had to make a copy of my filesystem to another
hard-disk for the purpose of creating a /boot
partition (my bad) and copied/restored the filesystem
back over to the main drive. I don't think I made
any copy/restore mistakes as I know the fs permissions
are correct but I cannot speak for filesystem journaling
or whatever that keeps track of the SELinux attributes.
In any case, what can I do to resolve my VNC and/or su
issue knowing that SElinux has something to do with it?
/usr/sbin/sestatus -v | grep -v active shows what?
--
Stephen Smalley
National Security Agency