Daniel J Walsh wrote:
On 09/29/2009 03:45 PM, Jay Greguske wrote:
> Jeremy Katz wrote:
>> On Fri, Sep 25, 2009 at 8:59 AM, Jay Greguske <jgregusk(a)redhat.com> wrote:
>>> Jeremy Katz wrote:
>>>> There have been some problems more recently with the booleans stuff if
>>>> SELinux isn't enabled. Does that all end up working correctly
>>> I'll look into it. Are there any you have in mind specifically?
>> Dan might remember better than I -- I vaguely remember that a lot of
>> the home directory bits and also some of the xguest stuff requires
>> working booleans
>> - Jeremy
> I installed xguest to a running livecd (desktop ks file) and played with
> two booleans related to it: browser_write_xguest_data, and
> xguest_connect_network. With the former turned off the Guest account
> could not download files from random internet sites, and with the latter
> it couldn't connect at all, so I'd say they were functioning as
> expected. I'm pretty confident SELinux booleans are working correctly
> with these changes. If you have other tests to suggest I'd be happy to
> try them out.
> - Jay
How much work would it be to create a livecd with only an xguest login.
Random Root password and no user accounts.
So the cd could only run xguest. I know if you can boot the cd you can beat the system,
but it might be a cool demo.
Should be pretty easy: you just need the right kickstart configuration
file. While things are quiet this week I'll see if I can produce that