On 9/18/18 10:16 AM, Ed Greshko wrote:
On 9/18/18 8:10 PM, Robert Moskowitz wrote:

I maintain some servers via VNC (over my internal network, firewall rules prevent remote connections). In the past, I would VNC in as root and I had all the control I needed. I am trying to get away from root over VNC.

I discovered that a user account cannot mount a USB drive, no permissions. This is true for a USB stick, USB connected HD, and a USB connected CD burner (K3b does not even see the drive). I am assuming this is an SELinux feature.

I want the user I have set up for VNC access (that is also in the Wheel group) to be able to perform this function. I don't want to have to command line sudo mount, nor can I figure out what k3b would need.

I have been googling this problem for a few days, but either my search foo is weak (nothing new there), or there is really no information out there on this. So if this IS an SELinux feature, can someone help me with what I would need as a policy rule?

Oh, right now I am doing this for Fedora 29-armhfp beta. I will also be doing it for Centos7-armhfp.

I doubt this is an selinux issue. Of course you could test this by setting selinux to permissive.

I should have remembered this. setenforce 0 did not make a difference.

The problem is probably elsewhere...

I say this is probably not an selinux issue since I have a F29Beta system (KDE) running in a VM. I have the system running a VNC server and connect to it. While connected I insert a USB flash drive. The systray of the VNC client recognizes the USB flash drive. When I indicate that I want to open it with a file viewer (dolphin) I get a popup asking for a password. The popup indicates it to be a "policykit" request.

In order for me to make it work I think I'd have to make changes in the policykit area. Kinda late in my day but I may research in the AM.
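Added example, not part of the original thread or of any project's shipped configuration: a polkit rule of the kind the "policykit" prompt above points toward, letting members of the wheel group mount and eject removable media through udisks2 without a password. It assumes the prompt comes from the udisks2 actions listed and that polkit does not treat the VNC session as an active local one; the rule file name and the names `ALLOWED_ACTIONS` and `udisksWheelRule` are hypothetical.

```javascript
// Assumed install location (hypothetical file name):
//   /etc/polkit-1/rules.d/50-udisks2-wheel.rules

// Removable-media actions only. System-disk actions such as
// org.freedesktop.udisks2.filesystem-mount-system are deliberately
// left at their defaults, so they still require authentication.
var ALLOWED_ACTIONS = [
    "org.freedesktop.udisks2.filesystem-mount",
    "org.freedesktop.udisks2.filesystem-mount-other-seat",
    "org.freedesktop.udisks2.eject-media",
    "org.freedesktop.udisks2.eject-media-other-seat"
];

// polkitd provides polkit.Result; the string fallback exists only so
// the rule function can be exercised outside polkitd (e.g. under Node).
var YES = (typeof polkit !== "undefined") ? polkit.Result.YES : "yes";

function udisksWheelRule(action, subject) {
    if (ALLOWED_ACTIONS.indexOf(action.id) === -1) {
        return null;            // not ours: polkit tries the next rule
    }
    if (subject.isInGroup("wheel")) {
        return YES;             // wheel members: no password prompt
    }
    return null;                // everyone else keeps the default prompt
}

// Register the rule only when running inside polkitd.
if (typeof polkit !== "undefined") {
    polkit.addRule(udisksWheelRule);
}
```

`pkaction --verbose --action-id org.freedesktop.udisks2.filesystem-mount` shows the defaults that apply to an action before any rule is added, which is a quick way to confirm which action a prompt corresponds to.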