[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Small SELinux issue with kdm and grub [solved]

Hash: SHA1

Marko Vojinovic wrote:
> On Sunday 08 March 2009 23:39, Kevin Kofler wrote:
>> Marko Vojinovic wrote:
>>> I don't understand the last point. What is the feature of KDM that you
>>> talk about? I don't remember enabling any specific feature of KDM other
>>> than autologin. Is that it?
>> In the 5th tab of the KDM options, there's an option to set your boot
>> loader, it should be set to "None" (which is what we set it to by default).
>> If you set it to GRUB, KDM will try to talk to GRUB and SELinux will block
>> it.
> Aha! I found it!
> It was indeed set to grub instead of none. I really don't remember ever 
> touching that setting, but memory can be misleading. Anyway, it doesn't 
> matter anymore. I have set it to none and SELinux stopped complaining.
> Thanks! :-)
> Marko
Resoning for SELinux to deny this:

Login programs are becoming a lot larger, lots of software needs to be
run in order to allow "Assisted Technologies".  Most of this software
can be executed by a non logged in user, so a bug in the software could
compromise the system.  Allowing the login program to manipulate the
boot environment might allow a slightly compromised login program to
turn off security options like SELinux, or change other kernel options.

All this for arguable value.

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]