Dan Walsh's Blog

Now that Fedora 8 is approaching completion, I have cut a new version of xguest.rpm

You must be fully updated to the latest rawhide.

To install you can copy down the rpm then execute

yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm

This should also bring in the latest sabayon code.

This rpm will create an xguest user account with a disabled password.

You can not log into this account by anything but gdm when SELinux is in enforcing mode.

It uses pam_selinux_permit to perform this magic.

This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.

It also uses sabayon to change the default login. Basically it removes any of the privledged panel apps that a normal login session would run

setroubleshoot, network manager, performance manager. logout.

You should have a full login session, but not be able to talk to any network ports, other then using firefox to talk to the web, other apps like curl , and links will fail. You can not run any setuid applications.

Try it out and tell me what you think.

( Read 18 comments )

Re: Adjusting the xguest homedir

(Anonymous)

2007-12-14 03:51 pm (UTC)

Is sabayon is working for you in F8?
When i edit xguest some selinux errors appear then it fails on saving...
Any alternatives?

===== BEGIN MILESTONES (/usr/sbin/sabayon) =====
MainThread 2007/12/14 17:38:13.0121 (admin-tool): Creating profiles dialog
MainThread 2007/12/14 17:38:13.2246 (admin-tool): Starting main loop
MainThread 2007/12/14 17:39:28.4953 (admin-tool): Got fatal error: sabayon-session exited with a FATAL ERROR (exit code 1)
MainThread 2007/12/14 17:39:40.6043 (admin-tool): Terminating main loop
MainThread 2007/12/14 17:39:40.6044 (admin-tool): Exiting abnormally; dumping log due to a fatal error
===== END MILESTONES (/usr/sbin/sabayon) =====
===== BEGIN RING BUFFER (/usr/sbin/sabayon) =====
MainThread 2007/12/14 17:38:13.0121 (admin-tool): Creating profiles dialog
MainThread 2007/12/14 17:38:13.2246 (admin-tool): Starting main loop
MainThread 2007/12/14 17:38:15.6926 (USER): Starting to edit profile 'xguest'
MainThread 2007/12/14 17:39:28.4953 (admin-tool): Got fatal error: sabayon-session exited with a FATAL ERROR (exit code 1)
MainThread 2007/12/14 17:39:40.6038 (USER): Finishing editing profile
MainThread 2007/12/14 17:39:40.6043 (admin-tool): Terminating main loop
MainThread 2007/12/14 17:39:40.6044 (admin-tool): Exiting abnormally; dumping log due to a fatal error
===== END RING BUFFER (/usr/sbin/sabayon) =====

This configuration for the debug log can be re-created
by putting the following in /root/sabayon-debug-log.conf
(use ';' to separate domain names):

[debug log]

From:	LiveJournal Facebook Twitter OpenID Google Mail.Ru VKontakte Anonymous LiveJournal Don't have an account? Create one now. Facebook You can easily comment on posts under your Facebook account Twitter You can easily comment on posts at LiveJournal under your Twitter account OpenID Identity URL: Google You can easily comment on posts at LiveJournal under your Google account Mail.Ru You can easily comment on posts under your Mail.ru account VKontakte You can easily comment on posts at LiveJournal under your VKontakte account Anonymous - this user has disabled anonymous posting.
Subject:	No HTML allowed in subject Don't auto-format:
Message:

	Check spelling during preview
	(will be screened)

danwalsh

Got SELinux?

Re: Adjusting the xguest homedir