• 1
will have a try. thanks.

You may have just saved me a ton of (heart | head) aches. I am willing to run this at home. I did not look yet, does it support a USB flash drive?

I had not done it yet, but I was mentally going through all of the steps so that I would have a similar foundation for a std installation:

- write bash/perl script to wipe out current account and create a new user account every time user logs out
- create a base folder for a set of applications that can be used to access the Internet that will be accessible for all to use
- to the screen, throw a set of images of characters of what the user account name will be and the password at log out for the next use. User has to write down the next username and password or they will not be able to access as a standard user. If they forget, they must log in as root and rerun shell script to set the event in motion to post the information.
- Make next username and password from randomized set of characters, set in to images, with the image file names not representative of the image contents.
- log in is not via keyboard but clicking on screen full of images! Hahaha....lots of fun.

I have some other stuff with regard to this, and am not going to say anything yet. I am going to take a look at what you've done.

I have been on and off a reader of your work and involvement in the development of SE Linux. I am not an expert in security, but this type of systems administration is much more fun than the standard fare.


We use a tmpfs for the homedir. And mount it using pam_namespace when the user logs. It also copies the contents of /etc/skel. So if you wanted a presetup user account, you could put all the files in the /etc/skel directory.

We do not require a login. It is using pam_sepermit, which allows specified users to login without a password, if SELinux is on in enforcing mode.

kiosk version has been updated to an i386 version.

Once this becomes a formal spin, I should be able to provide multiple versions for different OS. Since most machines can boot i386, I will just release this version for now.

  • 1

Log in