danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
X Guest Again
danwalsh
Now that Fedora 8 is approaching completion,  I have cut a new version of xguest.rpm

You must be fully updated to the latest rawhide.

To install you can copy down the rpm then execute

yum install --nogpgcheck xguest-1.0.1-2.fc8.noarch.rpm

This should also bring in the latest sabayon code.

This rpm will create an xguest user account with a disabled password.

You can not log into this account by anything but gdm when SELinux is in enforcing mode.

It uses pam_selinux_permit to perform this magic.

This rpm sets up pam_namespace to mount a temporary file system for /tmp, /var/tmp and $HOME.

It also uses sabayon to change the default login.  Basically it removes any of the privledged panel apps that a normal login session would run

setroubleshoot, network manager, performance manager. logout.

You should have a full login session, but not be able to talk to any network ports, other then using firefox to talk to the web, other apps like curl , and links will fail.  You can not run any setuid applications. 

Try it out and tell me what you think.

xguest works great for me on my freshly installed Fedora 8 system, but all the changes I make to gnome toolbars disappear after each logout. This seems like a good thing by design, but I was wondering how I could adjust the desktop layout?

You are viewing danwalsh