Marko Vojinovic wrote:
> On Sunday 08 March 2009 23:39, Kevin Kofler wrote:
>> Marko Vojinovic wrote:
>>> I don't understand the last point. What is the feature of KDM that you
>>> talk about? I don't remember enabling any specific feature of KDM other
>>> than autologin. Is that it?
>> In the 5th tab of the KDM options, there's an option to set your boot
>> loader, it should be set to "None" (which is what we set it to by default).
>> If you set it to GRUB, KDM will try to talk to GRUB and SELinux will block
>> it.
>
> Aha! I found it!
>
> It was indeed set to grub instead of none. I really don't remember ever
> touching that setting, but memory can be misleading. Anyway, it doesn't
> matter anymore. I have set it to none and SELinux stopped complaining.
>
> Thanks! :-)
> Marko
>

Reasoning for SELinux to deny this:

Login programs are becoming a lot larger; lots of software needs to be run in
order to allow "Assisted Technologies". Most of this software can be executed
by a non-logged-in user, so a bug in the software could compromise the system.

Allowing the login program to manipulate the boot environment might allow a
slightly compromised login program to turn off security options like SELinux,
or change other kernel options.

All this for arguable value.

--
fedora-list mailing list