On 9/18/18 8:10 PM, Robert Moskowitz wrote: > I maintain some servers via VNC (over my internal network, firewall rules prevent > remote connections). > > In the past, I would VNC in as root and I had all the control I needed. I am > trying to get away from root over VNC. I discovered that a user account cannot > mount a USB drive, no permissions. > > This is true for a USB stick, USB connected HD, and a USB connected CD burner (K3b > does not even see the drive). > > I am assuming this is an SELinux feature. I want the user I have set up for VNC > access (that is also in the Wheel group) to be able to perform this function. I > don't want to have to command line sudo mount, nor can I figure out what k3b would > need. > > I have been googling this problem for a few days, but either my search foo is weak > (nothing new there), or there is really no information out there on this. > > So if this IS an SELinux feature, can someone help me with what I would need as a > policy rule? > > Oh, right now I am doing this for Fedora 29-armfhp beta. I will also be doing it > for Centos7-armfhp. I doubt this is an selinux issue. Of course you could test this by setting selinux to permissive. I say this is probably not an selinux issue since I have a F29Beta system (KDE) running in a VM. I have the system running a VNC server and connect to it. While connected I insert a USB flash drive. The systray of the VNC client recognizes the USB flash drive. When I indicate that I want to open it with a file viewer (dolphin) I get a popup asking for a password. The popup indicates it to be a "policykit" request. In order for me to make it work I think I'd have to make changes in the policykit area. Kinda late in my day but I may research in the AM. -- Cardinal Rule of Presentations: "Tell them what you are going to tell them, tell them, then tell them what you told them."
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
