Inability to shutdown or reboot from gnome

Bob Gustafson bobgus at rcn.com
Tue May 11 20:19:15 UTC 2004 

I did some more experiments last night and found that if you boot with the
Grub parameter 'selinux=0' and then login as a user and then go to Gnome by
typing 'startx', you are then able to shutdown the system from the Gnome
buttons - even though you are only a user.

Keep in mind that under these conditions, you don't get any of the
advantages of selinux.

This is probably not what you want to happen in the long run.

BobG


On Tue, 11 May 2004 10:04:07 +0200 Matthew East wrote:>Hi Bob, thanks for
your mail. Am replying just to you because I guess
>that I might annoy the list, as you say, it is not an selinux issue.
>
>Sorry about that!
>
>I thought I had tried to set selinux to permissive before shutting down
>from gnome, and it had worked, but I've tried it just now and it's the
>same story. So I guess I'll just try and remove the buttons from gnome,
>at least that way it will be tidier. I saw some threads on the
>fedora-list about that so I'll go and read up. ;)
>
>thanks again.
>
>Matt
>
>On Mon, 2004-05-10 at 18:36, Bob Gustafson wrote:
>> Hi
>>
>> I get that same thing.
>>
>> Have you tried to do a 'setenforce 0' as root just before you do a Gnome
>> shutdown?
>>
>> I tried that just now and it still halted at the console prompt (I boot
>> into run level 3 and then do a 'startx' as user to go to Gnome after boot
>> up)
>>
>> A few weeks ago, I could shutdown from the Gnome menu, but perhaps that was
>> a bug in Gnome. A user should not be able to shutdown the system (!!).
>>
>> When I am at the console prompt and try to do '/sbin/shutdown -r now', I
>> get the message now that only root can shutdown (this is proper).
>>
>> Whether a user can shut down from the Gnome menu seems to be not a selinux
>> issue, but just a normal security 'tighterning up' - independent of selinux.
>>
>> BobG
>>
>>
>>
>> >Hi,
>> >
>> >The shutdown or reboot buttons from the gnome menu do not work as user
>> >when selinux is in enforcing mode. I get the error "unknown user" and it
>> >kicks me to the gdm login screen. I'm sure this is an easy one for you
>> >guys, and I have seen the question pop up on some other lists, but have
>> >not found a satisfactory answer. Hope you can help!!
>> >
>> >thanks, Matt

More information about the fedora-selinux-list mailing list