Now that Fedora 8 is approaching completion, I have cut a new version of xguest.rpm.
You must be fully updated to the latest rawhide.
To install, you can copy down the rpm and then execute:
yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm
This should also bring in the latest sabayon code.
This rpm will create an xguest user account with a disabled password.
You cannot log into this account by anything but gdm when SELinux is in enforcing mode.
It uses pam_selinux_permit to perform this magic.
This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.
It also uses sabayon to change the default login. Basically, it removes any of the privileged panel apps that a normal login session would run: setroubleshoot, network manager, performance manager, logout.
You should have a full login session, but not be able to talk to any network ports other than using firefox to talk to the web; other apps like curl and links will fail. You cannot run any setuid applications.
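A check for the pam_namespace setup described above, as an added example that is not part of the original post or the xguest package: it reads a mount table in /proc/mounts format and lists which of /tmp, /var/tmp and the home directory lack their own mount entry. It assumes the per-session mounts are visible in the session's mount table; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the xguest package).
# unmounted_dirs HOME_DIR  < mount-table
# Reads a mount table in /proc/mounts format on stdin and prints, one per
# line, each of /tmp, /var/tmp and HOME_DIR that has no mount entry of its own.
unmounted_dirs() {
    awk -v home="$1" '
        BEGIN { want["/tmp"]; want["/var/tmp"]; want[home] }
        # Field 2 is the mount point, field 3 the file system type.
        ($2 in want) { seen[$2] = $3 }
        END { for (d in want) if (!(d in seen)) print d }
    ' | LC_ALL=C sort
}

# Constructed sample: a session where all three directories are separate mounts.
sample_confined() {
cat <<'EOF'
/dev/root / ext3 rw 0 0
proc /proc proc rw 0 0
tmpfs /tmp tmpfs rw 0 0
tmpfs /var/tmp tmpfs rw 0 0
tmpfs /home/xguest tmpfs rw 0 0
EOF
}

# Constructed sample: only /tmp is separate, so the session still shares
# /var/tmp and the home directory with the rest of the system.
sample_partial() {
cat <<'EOF'
/dev/root / ext3 rw 0 0
proc /proc proc rw 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}

# Run against the live session only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    unmounted_dirs "$HOME" < /proc/mounts
fi
```

Run with --live from a terminal inside the guest session; no output means all three directories have their own mount.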
Try it out and tell me what you think.
2008-07-11 01:38 am (UTC)