Daniel J Walsh wrote:
> On 09/29/2009 03:45 PM, Jay Greguske wrote:
>
>> Jeremy Katz wrote:
>>
>>> On Fri, Sep 25, 2009 at 8:59 AM, Jay Greguske <jgregusk(a)redhat.com> wrote:
>>>
>>>
>>>> Jeremy Katz wrote:
>>>>
>>>>
>>>>> There have been some problems more recently with the booleans stuff if
>>>>> SELinux isn't enabled. Does that all end up working correctly still?
>>>>>
>>>>>
>>>>>
>>>> I'll look into it. Are there any you have in mind specifically?
>>>>
>>>>
>>> Dan might remember better than I -- I vaguely remember that a lot of
>>> the home directory bits and also some of the xguest stuff requires
>>> working booleans
>>>
>>> - Jeremy
>>>
>>>
>> I installed xguest to a running livecd (desktop ks file) and played with
>> two booleans related to it: browser_write_xguest_data, and
>> xguest_connect_network. With the former turned off the Guest account
>> could not download files from random internet sites, and with the latter
>> it couldn't connect at all, so I'd say they were functioning as
>> expected. I'm pretty confident SELinux booleans are working correctly
>> with these changes. If you have other tests to suggest I'd be happy to
>> try them out.
>>
>> Thanks,
>> - Jay
>>
> How much work would it be to create a livecd with only an xguest login.
> Random Root password and no user accounts.
>
> So the cd could only run xguest. I know if you can boot the cd you can beat the system, but it might be a cool demo.
>
Should be pretty easy: you just need the right kickstart configuration
file. While things are quiet this week I'll see if I can produce that
for you.