SELinux is preventing kdm (xdm_t) "execute" bootloader_exec_t

On 08/02/2009 02:47 PM, Garry T. Williams wrote:
> I noticed these denials (denying execute of grub by kdm) appearing
> about a month ago (Fedora 11) whenever I select the "Leave" option on
> the desktop right-click menu.  I did a search and found this:
>
>   https://bugzilla.redhat.com/show_bug.cgi?id=505408
>
> Daniel Walsh (Mr. Selinux for Red Hat) says it will not be fixed
> because it's considered a security exposure to allow the login screen
> to "modify grub without logging in".
>
> What's up with this?  What is kdm up to here?

If you modify /etc/kde/kdmrc away from the default

  BootManager=None

to

  BootManager=Grub

you'll get the policy denials per the aforementioned bug, true.  It
requires low-level access to the bootloader to control the next boot,
which Dan wasn't willing to grant by default.  If you wish to do so
anyway, you'll need to add your own SELinux policy to explicitly allow
that (or disable SELinux).

Does that cover your question(s)?

-- Rex
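
A way to triage this denial on a host, as an added example that is not part of the original thread: it reads the BootManager setting from kdmrc text and checks audit lines for xdm_t being denied execute on bootloader_exec_t, so a denial explained by the configuration can be told apart from one that is not. The sample kdmrc and audit lines are constructed, the function names are hypothetical, and treating the last BootManager assignment as the effective one is an assumption of this sketch.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_KDMRC = """\
[Shutdown]
#BootManager=None
BootManager=Grub
"""
SAMPLE_AUDIT = """\
type=AVC msg=audit(1249238820.101:45): avc:  denied  { execute } for  pid=2101 comm="kdm" name="grub" dev=dm-0 ino=1311 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bootloader_exec_t:s0 tclass=file
type=AVC msg=audit(1249238821.007:46): avc:  denied  { read } for  pid=2200 comm="httpd" name="x" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# Captures the permission set, the command, and the *type* field (third
# colon-separated part) of the source and target SELinux contexts.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*'
    r'\s+tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+tclass=(?P<tclass>\S+)'
)

def boot_manager(kdmrc_text):
    """Return the BootManager value; 'None' (the default per the thread) if unset."""
    value = "None"
    for line in kdmrc_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # skip comments, section headers, blank lines
        key, _, val = line.partition("=")
        if key.strip() == "BootManager":
            value = val.strip()  # assumption: last assignment wins
    return value

def bootloader_denials(audit_text):
    """Return (comm, tclass) for each xdm_t -> bootloader_exec_t execute denial."""
    hits = []
    for m in map(AVC_RE.search, audit_text.splitlines()):
        if (m and m["stype"] == "xdm_t" and m["ttype"] == "bootloader_exec_t"
                and "execute" in m["perms"].split()):
            hits.append((m["comm"], m["tclass"]))
    return hits

def assess(kdmrc_text, audit_text):
    """Classify the denials against the configured BootManager."""
    bm, denials = boot_manager(kdmrc_text), bootloader_denials(audit_text)
    if denials and bm != "None":
        return "expected: BootManager=%s makes kdm run the bootloader" % bm
    if denials:
        return "unexplained: xdm_t tried to execute bootloader_exec_t with BootManager=None"
    return "clean"
```
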



