• 1

/home/xguest not cleaned up

(Anonymous)
I gave the xguest package a try but could not get it properly running. After installation of the xguest-1.0.6-2.fc8 rpm package the file /etc/security/namespace.conf has the entries you explained above. Also the /etc/pam.d/gdm has the namespace plugin loaded as described above. After a xguest login the directories /tmp and /var/tmp are changed but _not_ the $HOME directory. I can create files and after a logout they still exist.
Did I miss something?

Re: /home/xguest not cleaned up

(Anonymous)
Ok, as it seems to me the fact that the files which are created during the session still stay as long as the next login of xguest. They get deleted as soon as the next xguest login starts. A little bit strange but OK ;-)

Re: /home/xguest not cleaned up

I think you have stumbled upon a bug, that we have been fixing in pam_selinux_permit.

Not all processes are guaranteed to be killed on logout. So if a stray process (bonobo?) is still running, it will prevent pam_namespace from unmounting the homedir, and thus cleaning up the temporary file system. When you log in a second time. A new temporary file system is getting mounted over the old homedir so you see the files dissapear.

The new pam_selinux_permit will allow us to set an exclusive flag.

# /etc/security/sepermit.conf
#
# Each line contains either:
# - an user name
# - a group name, with @group syntax
# - a SELinux user name, with %seuser syntax
# Each line can contain optional arguments separated by :
# The possible arguments are:
# - exclusive - only single login session will
# be allowed for the user and the user's processes
# will be killed on logout
xguest:exclusive


This flag will prevent a user from logging in without a password if a process is running with this UID. AND it will try to kill all processes running with the UID when you log out, which would allow the homedir to be unmounted.

I hope to get this back ported to Fedora 8 and I will update the xguest package to take advantage.

Re: /home/xguest not cleaned up

Hi
at the beginning Sorry for my english:-((
I've problem:
I need to Creat a Kiosk on Fedora 8 but I want open only windows aplication from wine tool on start.
it is possible??
If Yes -Please explain me step by step how I can do this.
I will add I am beginner user of Linux;-(

Please HELP

Re: /home/xguest not cleaned up

Please take questions like these to the Fedora-SELinux email list.

Re: /home/xguest not cleaned up

Thanks danwalsh:)

  • 1
?

Log in