RHEL-108219

Need to switch off SELinux in order to access the remote desktop headless


    • Critical
    • rhel-display-window-mgmt

      The docs for remote desktop setup say that we need to set SELinux to permissive:

      Prerequisites

        • gnome-remote-desktop package is installed.
        • gdm package is installed.
        • freerdp package is installed.
        • The session, such as the kiosk session or the workstation session, is installed. For more information, see How to install a graphical user interface (GUI) for Red Hat Enterprise Linux?
        • SELinux is running in permissive mode. For more information, see Changing SELinux to permissive mode

      ref. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html-single/administering_rhel_by_using_the_gnome_desktop_environment/index#connecting-to-a-remote-desktop-session-on-a-headless-server-for-a-single-user
      https://gitlab.cee.redhat.com/red-hat-enterprise-linux-documentation/rhel-10-docs/-/merge_requests/664

      This needs to be fixed; we can't switch off our security for graphical environment access. Or do I misunderstand this? Is there another issue for follow-up? I couldn't find it.

      I'm setting this issue RH internal and Severity Critical because IIUC, we'd reveal attack surface on RHEL servers. I might be wrong.

              jadahl@redhat.com Jonas Ådahl
              smitterl@redhat.com Sebastian Mitterle
              Jonas Ådahl
              Radek Duda