On 9/18/18 10:16 AM, Ed Greshko wrote:
On 9/18/18 8:10 PM, Robert Moskowitz wrote:
I maintain some servers via VNC (over my internal network, firewall rules prevent
remote connections).
In the past, I would VNC in as root and I had all the control I needed. I am
trying to get away from root over VNC. I discovered that a user account cannot
mount a USB drive, no permissions.
This is true for a USB stick, USB connected HD, and a USB connected CD burner (K3b
does not even see the drive).
I am assuming this is an SELinux feature. I want the user I have set up for VNC
access (that is also in the Wheel group) to be able to perform this function. I
don't want to have to command line sudo mount, nor can I figure out what k3b would
need.
I have been googling this problem for a few days, but either my search foo is weak
(nothing new there), or there is really no information out there on this.
So if this IS an SELinux feature, can someone help me with what I would need as a
policy rule?
Oh, right now I am doing this for Fedora 29-armfhp beta. I will also be doing it
for Centos7-armfhp.
I doubt this is an selinux issue. Of course you could test this by setting selinux
to permissive.
I say this is probably not an selinux issue since I have a F29Beta system (KDE)
running in a VM. I have the system running a VNC server and connect to it.
While connected I insert a USB flash drive. The systray of the VNC client recognizes
the USB flash drive. When I indicate that I want to open it with a file viewer
(dolphin) I get a popup asking for a password. The popup indicates it to be a
"policykit" request.
In order for me to make it work I think I'd have to make changes in the policykit
area. Kinda late in my day but I may research in the AM.
Well I am off tomorrow for Yom Kippur, so you have time...
I am seeing the drive on my desktop. Xfce is recognizing it. But I
cannot mount it; get permissions error.
But the PolicyKit point is interesting. See my addition to bug 484945
https://bugzilla.redhat.com/show_bug.cgi?id=484945
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx