danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
X Guest Again
danwalsh
Now that Fedora 8 is approaching completion,  I have cut a new version of xguest.rpm

You must be fully updated to the latest rawhide.

To install you can copy down the rpm then execute

yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm

This should also bring in the latest sabayon code.

This rpm will create an xguest user account with a disabled password.

You can not log into this account by anything but gdm when SELinux is in enforcing mode.

It uses pam_selinux_permit to perform this magic.

This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.

It also uses sabayon to change the default login.  Basically it removes any of the privledged panel apps that a normal login session would run

setroubleshoot, network manager, performance manager. logout.

You should have a full login session, but not be able to talk to any network ports, other then using firefox to talk to the web, other apps like curl , and links will fail.  You can not run any setuid applications. 

Try it out and tell me what you think.

Yep - it works for me too. Not too sure what some of the previous comments mean though;-)

Regards
Bob
Rent-a-Website

You are viewing danwalsh