-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Kofler wrote: > Daniel J Walsh wrote: >> I have also seen similar with it trying to create the directory in >> /root. Which is also somewhat bad. I do not want to give login >> programs the ability to write to these directories, because attackers >> without passwords can get the login programs to execute large amounts of >> codes without ever identifying themselves. gdm is setup with a homedir >> of /var/lib/gdm, which allows us to confine the gdm login program. >> >> Kde login needs something similar, I believe there is a bug on this, >> but it would not hurt to open another. > > KDM runs as root, so of course its homedir is /root. KDM does not support > running as anything other than root (just like XDM and pretty much any > display manager other than the latest GDM). > > Kevin Kofler > Its homedir is not currently /root it is /. That is what the AVC's are indicating. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmavNUACgkQrlYvE4MpobNtFQCffL+nby+dxcvRxeO+Vwtd3TKM zRoAn1DJ4/7ilc25OBsZ+bDv43G8uR4H =HT6G -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
