danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Share Next Entry
X Guest Again
danwalsh
Now that Fedora 8 is approaching completion,  I have cut a new version of xguest.rpm

You must be fully updated to the latest rawhide.

To install you can copy down the rpm then execute

yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm

This should also bring in the latest sabayon code.

This rpm will create an xguest user account with a disabled password.

You can not log into this account by anything but gdm when SELinux is in enforcing mode.

It uses pam_selinux_permit to perform this magic.

This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.

It also uses sabayon to change the default login.  Basically it removes any of the privledged panel apps that a normal login session would run

setroubleshoot, network manager, performance manager. logout.

You should have a full login session, but not be able to talk to any network ports, other then using firefox to talk to the web, other apps like curl , and links will fail.  You can not run any setuid applications. 

Try it out and tell me what you think.

Re: Adjusting the xguest homedir

(Anonymous)

2007-12-14 03:51 pm (UTC)

Is sabayon is working for you in F8?
When i edit xguest some selinux errors appear then it fails on saving...
Any alternatives?

===== BEGIN MILESTONES (/usr/sbin/sabayon) =====
MainThread 2007/12/14 17:38:13.0121 (admin-tool): Creating profiles dialog
MainThread 2007/12/14 17:38:13.2246 (admin-tool): Starting main loop
MainThread 2007/12/14 17:39:28.4953 (admin-tool): Got fatal error: sabayon-session exited with a FATAL ERROR (exit code 1)
MainThread 2007/12/14 17:39:40.6043 (admin-tool): Terminating main loop
MainThread 2007/12/14 17:39:40.6044 (admin-tool): Exiting abnormally; dumping log due to a fatal error
===== END MILESTONES (/usr/sbin/sabayon) =====
===== BEGIN RING BUFFER (/usr/sbin/sabayon) =====
MainThread 2007/12/14 17:38:13.0121 (admin-tool): Creating profiles dialog
MainThread 2007/12/14 17:38:13.2246 (admin-tool): Starting main loop
MainThread 2007/12/14 17:38:15.6926 (USER): Starting to edit profile 'xguest'
MainThread 2007/12/14 17:39:28.4953 (admin-tool): Got fatal error: sabayon-session exited with a FATAL ERROR (exit code 1)
MainThread 2007/12/14 17:39:40.6038 (USER): Finishing editing profile
MainThread 2007/12/14 17:39:40.6043 (admin-tool): Terminating main loop
MainThread 2007/12/14 17:39:40.6044 (admin-tool): Exiting abnormally; dumping log due to a fatal error
===== END RING BUFFER (/usr/sbin/sabayon) =====


This configuration for the debug log can be re-created
by putting the following in /root/sabayon-debug-log.conf
(use ';' to separate domain names):

[debug log]

You are viewing danwalsh