From: fedora-list-bounces(a)redhat.com
[mailto:fedora-list-bounces@redhat.com]On Behalf Of Daniel B. Thurman
Sent: Friday, December 16, 2005 6:11 PM
To: For users of Fedora Core releases (E-mail)
Cc: Fedora SELinux support list for users & developers.
Subject: Problem with VNC and SELinux: FC4
Folks,
With the new SELinux updates, it appears that root,
other than normal users can log in to Fedora via VNC
Server? My VNC Server is set up such that I am using
xinetd for VNC Server requests.
Another problem I noticed is that when I log into my
Fedora system via VNC as root user, and open an xterm
window and run a su - <normal-user>, I get back a
SELinux message:
================================================
# su - dan
Your default context is: user_u:system_r:kernel_t.
Do you want to want to choose a different one? [n]
================================================
It is *possible* that this problem came up when
I had to make a copy of my filesystem to another
hard-disk for the purpose of creating a /boot
partition (my bad) and copied/restored the filesystem
back over to the main drive. I don't think I made
any copy/restore mistakes as I know the fs permissions
are correct but I cannot speak for filesystem journaling
or whatever that keeps track of the SELinux attributes.
In any case, what can I do to resolve my VNC and/or su
issue knowing that SELinux has something to do with it?
Thanks!
Dan Thurman
Problem is not related to SELinux and not really related
to VNC. It turns out that I cannot log into the console
as a non-root user and I get a message saying:
=======================================================
Your session lasted less than 10 seconds. If you have not
logged out yourself, this could mean that there is some
installation problem or that you may be out of diskspace.
Try logging in with one of the failsafe sessions to see if
you can fix this problem.
[] View details (~/.xsession-errors file)
=======================================================
The problem here is that the .xsession-errors file does
not exist. I also note from /var/log/message file:
=======================================================
Dec 17 12:45:31 linux gdm(pam_unix)[16480]: session opened for user dant by (uid=0)
Dec 17 12:45:32 linux gdm(pam_unix)[16480]: session closed for user dant
Dec 17 12:45:32 linux dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0
=======================================================
And from /var/log/audit/audit.log
=======================================================
type=USER_AUTH msg=audit(1134858412.155:3929): user pid=3397 uid=0 auid=4294967295 msg='PAM authentication: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=USER_ACCT msg=audit(1134858412.159:3930): user pid=3397 uid=0 auid=4294967295 msg='PAM accounting: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=CRED_ACQ msg=audit(1134858412.247:3931): user pid=3397 uid=0 auid=4294967295 msg='PAM setcred: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
type=USER_START msg=audit(1134858412.307:3932): user pid=3397 uid=0 auid=4294967295 msg='PAM session open: user=dant exe="/usr/bin/gdm-binary" (hostname=?, addr=?, terminal=:0 result=Success)'
=======================================================
File:
# ls -l /usr/bin/gdm-binary
-rwxr-xr-x 1 root root 251668 May 23 2005 /usr/bin/gdm-binary
HALLLLLP! Please :-)
Dan