[policy-1.9-5] VNC module in X AVC

Adam Gibson agibson at ptm.com
Mon Mar 22 16:27:58 UTC 2004 

As a heavy user of the vnc.o module, I just want to make sure everyone
understand the benefit of using the vnc.o X module by adding the info to
XF86Config compared to using Xvnc.  The vnc.o module automatically
exports the default local display :0 that users see on their local
monitor.  Previously the user had to manually run x0vncviewer after
logging in to the local system to export the currently running display
(usually ':0' )which was rather kludgy, slow and resource intensive. 
Before that it was not even possible to do it... they had to just start
a new xserver display with Xvnc specifically for remote vnc and run
applications separately on that display.

This is my XF86Config file additions to get it working under Fedora Core
1 in case others want to test it with SELinux(I wish there was
documentation explaining this from RedHat... I had to search for quite
some time to figure out how to enable the vnc.o modules that Fedora Core
1 ships with).

Under "Module" section
        Load  "Vnc"

Under "Screen" section
        Option     "httpdir"  "/usr/share/vnc/classes"
        Option     "PasswordFile"       "/root/.vnc/passwd"
        Option     "rfbport"    "5999"
        Option     "LocalHost"
        Option     "usevnc"

Note: I also had to create the /root/.vnc/passwd using
/usr/bin/vncpasswd.  I have not figured out a way to have a separate
password depending on who logs in locally.  It is one password for the
local display regardless of who is logged in.  For single user systems
this works fine.

On Sun, 2004-03-21 at 03:57, Tim Waugh wrote:
> On Sun, Mar 21, 2004 at 01:56:20PM +1100, Russell Coker wrote:
> 
> > > This might be reasonable - to reserve :0 for X and force Xvnc (which
> > > might be started by users) use higher display numbers.
> > 
> > In what situations would users need to start their own VNC servers?
> 
> All the time, usually from the vncserver perl script.  You might want
> to start VNC from an ssh login, for example.
> 
> Note that the vncserver init script will also want to do this.
> 
> Tim.
> */
> 
> ______________________________________________________________________
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- 
Adam Gibson <agibson at ptm.com>

More information about the fedora-selinux-list mailing list