> Folks,
>
> With the new SELinux updates, it appears that root,
> other than normal users can login to Fedora via VNC
> Server? My VNC Server is setup such that I am using
> xinitd for VNC Server requests.
>
>
A problem I noticed on FC4 with updates is that running VNC from initscripts
will cause user sessions to have a system_u:system_r:initrc_t context. If
you start a VNC server as the user from a shell, you get get the expected
behavior of unconfined_t session.
> Another problem I noticed is that when I log into my
> Fedora system via VNC as root user, and open a xterm
> window and run a su - <normal-user>, I get back a
> SElinux message:
>
> ================================================
> # su - dan
> Your default context is: user_u:system_r:kernel_t.
>
> Do you want to want to choose a different one? [n]
> ================================================
>
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
To get vncserver working properly on Rawhide, you can change the context
to unconfined_exec_t
chcon -t unconfined_exec_t /usr/bin/vncserver
--