Bug 121668
Summary: | role select at GNOME login | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Yoshinobu Akimoto <yoshia> |
Component: | gdm | Assignee: | Ray Strode [halfline] <rstrode> |
Status: | CLOSED NOTABUG | QA Contact: | Mike McLean <mikem> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dwalsh, walters, wtogami |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-12-02 16:04:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Yoshinobu Akimoto
2004-04-25 01:54:17 UTC
Colin, Dan, any thoughts? IMHO, is it really any good reason to allow the entire desktop session sysadm role when users can change to that role within a console if they really need such access? I think in order to make this useful, we need infrastructure in SELinux for displaying somewhat more human-readable role identifiers to users. Like "Administrator Role" instead of sysadm_r, and "Normal Role" or something instead of user_r. Warren - we're not just talking about sysadm_r here; in SELinux the user could have a number of different roles, like webmaster_r and developer_r. Allowing gnome to X-Windows login to login as other roles was decided to be not appropriate. Admins can setup the /etc/selinux/strict/context/users directory to change the default role that a user logs in as. |