Problem with VNC and SELinux: FC4

Stephen Smalley sds at
Mon Dec 19 13:33:25 UTC 2005

On Fri, 2005-12-16 at 18:11 -0800, Daniel B. Thurman wrote:
> With the new SELinux updates, it appears that root,
> other than normal users can login to Fedora via VNC
> Server?  My VNC Server is setup such that I am using
> xinitd for VNC Server requests.
> Another problem I noticed is that when I log into my
> Fedora system via VNC as root user, and open a xterm
> window and run a su - <normal-user>, I get back a
> SElinux message:
> ================================================
> # su - dan
> Your default context is: user_u:system_r:kernel_t.
> Do you want to want to choose a different one? [n]
> ================================================
> It is *possible* that this problem came up when
> I had to make a copy of my filesystem to another
> hard-disk for the purpose of creating a /boot
> partition (my bad) and copied/restored the filesystem
> back over to the main drive.  I don't think I made
> any copy/restore mistakes as I know the fs permissions
> are correct but I cannot speak for filesystem journaling
> or whatever that keeps track of the SELinux attributes.
> In any case, what can I do to resolve my VNC and/or su
> issue knowing that SElinux has something to do with it?

/usr/sbin/sestatus -v | grep -v active shows what?

Stephen Smalley
National Security Agency

More information about the fedora-list mailing list