danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
X Guest Again
danwalsh
Now that Fedora 8 is approaching completion,  I have cut a new version of xguest.rpm

You must be fully updated to the latest rawhide.

To install you can copy down the rpm then execute

yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm

This should also bring in the latest sabayon code.

This rpm will create an xguest user account with a disabled password.

You can not log into this account by anything but gdm when SELinux is in enforcing mode.

It uses pam_selinux_permit to perform this magic.

This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.

It also uses sabayon to change the default login.  Basically it removes any of the privledged panel apps that a normal login session would run

setroubleshoot, network manager, performance manager. logout.

You should have a full login session, but not be able to talk to any network ports, other then using firefox to talk to the web, other apps like curl , and links will fail.  You can not run any setuid applications. 

Try it out and tell me what you think.

Adjusting the xguest homedir

danwalsh

2007-11-12 08:41 pm (UTC)

xguest is using a tool called sabayon to setup the home directory.

http://www.gnome.org/projects/sabayon

Every time you login the gnome scrips execute sabayon-apply which reads
/etc/desktop-profiles/users.xml

for a mapping between the login user name and the sabayon zip file

cat /etc/desktop-profiles/users.xml







You will see the xguest.zip file there. If you want to modify the xguest login, you need to install sabayon (gui) tool, and run it. You can then select the xguest.zip file and change the gnome session on login.

No HTML allowed in subject

  
 
   
 

(will be screened)

You are viewing danwalsh