
Thread: I have made some changes to sabayon to work in an SELinux environment




user name
2007-10-13 09:03:27

I have created a login account for Linux that can be used for kiosk systems.  I call it the xguest account.

It is further described below.

http://danwalsh.livejournal.com/13376.html

One of the problems with this limited privs account is that the default X Windows account runs lots of applications that require privs.  So I need a way to not run these applications for this UID.  Finally the home directory for this user gets recreated (tmpfs) every time the user logs in.  Currently the pam_namespace copies the contents of /etc/skel each time a user logs in.  I don't want to put these changes in /etc/skel, since the admin might create an account for another user and would want the default.  So sabayon is the perfect application to use for the xguest account.

I had to make several changes to sabayon to make it work with SELinux and to work well with the xguest account.  I think these changes are all upstreamable.  And would be useful to others.

SELinux fix to label created file correctly
 - When sabayon creates the DOMAIN.zip file it creates it in /tmp and then "mv"s it to /etc/desktop-profiles/.  This results in the file with a bad SELinux label unconfined_tmp_t instead of etc_t.  So most user accounts that are not unconfined would not be able to read the file.  So the SELinux code will change the context to be the system default.  The SELinux code should be a noop on machines that do not support selinux.


If all the directories did not exist in the unzip file, sabayon-apply was failing, so I changed os.mkdir to os.makedirs to create all subdirectories on install.


sabayon-apply was writing bad data in the .xsession-errors file when a user did not have a user profile. I fixed it to not fail if a user is not using a sabayon file.  Although sabayon-apply should be less noisy still.

One of the things I need for the xguest is the ability to remove autostart files.  This is done through the .config/autostart directory, so I re-added the .config directory so that I can remove autostart executables.

I noticed lots of other noise being added to the zip file so I removed .tomboy, .redhat and other files that should not be collected.


_______________________________________________
sabayon-list mailing list
sabayon-listgnome.org
http://mail.gnome.org/mailman/listinfo/sabayon-list
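
The relabel-after-move and os.makedirs fixes described in the message above, as an added example that is not the patch from the post or Sabayon's own code. It assumes the libselinux Python bindings (the `selinux` module); the function names `restore_default_context` and `install_profile` are hypothetical.

```python
import os
import shutil
import tempfile

try:
    import selinux  # libselinux Python bindings; not installed everywhere
except ImportError:
    selinux = None


def restore_default_context(path, se=selinux):
    """Relabel path to the policy default; return True only if a label was set."""
    if se is None or not se.is_selinux_enabled():
        return False  # no-op on machines without SELinux
    try:
        # matchpathcon() looks up the context the policy assigns to this path
        _rc, context = se.matchpathcon(path, os.lstat(path).st_mode)
        se.lsetfilecon(path, context)
    except OSError:
        return False  # no default defined, or not permitted to relabel
    return True


def install_profile(staged, dest_dir, name, se=selinux):
    """Move a staged archive into dest_dir, then fix its label."""
    os.makedirs(dest_dir, exist_ok=True)  # os.mkdir fails if a parent is missing
    dest = os.path.join(dest_dir, name)
    shutil.move(staged, dest)  # the file keeps the label it was created with
    return dest, restore_default_context(dest, se)


if __name__ == "__main__":
    # Constructed demo in a scratch directory, not the real /etc/desktop-profiles
    root = tempfile.mkdtemp()
    staged = os.path.join(root, "DOMAIN.zip")
    with open(staged, "wb") as fh:
        fh.write(b"constructed sample data")
    target = os.path.join(root, "etc", "desktop-profiles")
    print(install_profile(staged, target, "DOMAIN.zip"))
```

On an enforcing system, `ls -Z` on the installed file shows whether the label now matches the policy default for its directory.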

  
  