Re: Local users get to play root?

Verily I say unto thee, that Jesse Keating spake thusly:
> On Thu, 2009-11-19 at 10:32 -0600, Chris Adams wrote:
>> Once upon a time, Jesse Keating <jkeating@xxxxxxxxxx> said:
>>> That is incorrect, unless somehow your ssh tunneled VNC registers as
>>> "local console login", which I doubt.  In your case, none of your users
>>> would be allowed to install software/updates.

Thanks.

Just reading the reference material now.

Is the policy:

-constraint local

or

--constraint selinux_context:system_u:object_r:some_context_t

Is there a URL to the default PolicyKit policy shipped in F12, so I can
review it?

In particular, I'm hoping to be able to re-roll the respective package
to lock down the policy, then respin F12 with that modified package, for
use on my network.

>> VNC looks like a local console login.
>> -- 
>> Chris Adams <cmadams@xxxxxxxxxx>
>> Systems and Network Administrator - HiWAAY Internet Services
>> I don't speak for anybody but myself - that's enough trouble.
>>
> 
> Not according to what I'm being told by the Desktop folks, at least as
> far as PolicyKit and ConsoleKit are concerned.
> 
> <Oxf13> hrm, in the world of PolicyKit and ConsoleKit, does a VNC login
> look like a "console" login for the sake of policy?
> <hughsie> Oxf13: no
> <hughsie> if you log in, then start remote desktop, and then allow other
> users to connect then it does
> <hughsie> if you're just using vnc to create a virtual desktop for users
> then it's not on_console, so to speak

Good. I'm doing the latter (headless server).

-- 
Regards,
Keith G. Robertson-Turner

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
