|
|
b94f200 |
Summary: Creates xguest user as a locked down user
|
|
|
b94f200 |
Name: xguest
|
|
|
93ef0ce |
Version: 1.0.10
|
|
|
44fff49 |
Release: 36%{?dist}
|
|
|
b94f200 |
License: GPLv2+
|
|
|
b94f200 |
Group: System Environment/Base
|
|
|
b94f200 |
BuildArch: noarch
|
|
|
b94f200 |
Source: http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
|
|
|
b94f200 |
URL: http://people.fedoraproject.org/~dwalsh/xguest/
|
|
|
b94f200 |
|
|
|
b94f200 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
5714d0e |
Requires(pre): pam >= 0.99.8.1-17 selinux-policy-targeted > 3.6.3-12
|
|
|
7e922be |
Requires(pre): policycoreutils-sandbox
|
|
|
b94f200 |
|
|
|
b94f200 |
%description
|
|
|
b94f200 |
Installing this package sets up the xguest user to be used as a temporary
|
|
|
b94f200 |
account to switch to or as a kiosk user account. The account is disabled unless
|
|
|
27db6e1 |
SELinux is in enforcing mode. The user is only allowed to log in via graphical login program.
|
|
|
b94f200 |
The home and temporary directories of the user will be polyinstantiated and
|
|
|
b94f200 |
mounted on tmpfs.
|
|
|
b94f200 |
|
|
|
b94f200 |
%prep
|
|
|
b94f200 |
%setup -q
|
|
|
b94f200 |
|
|
|
b94f200 |
%build
|
|
|
b94f200 |
|
|
|
b94f200 |
%clean
|
|
|
b94f200 |
%{__rm} -fR %{buildroot}
|
|
|
b94f200 |
|
|
|
b94f200 |
%install
|
|
|
b94f200 |
%{__rm} -fR %{buildroot}
|
|
|
01f2fc0 |
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/security/namespace.d/
|
|
|
93ef0ce |
%{__mkdir} -p %{buildroot}/var/lib/xguest/home
|
|
|
ac8f3ce |
install -m0644 xguest.conf %{buildroot}/%{_sysconfdir}/security/namespace.d/
|
|
|
b94f200 |
|
|
|
afcc033 |
%post
|
|
|
164a047 |
if [ $1 -eq 1 ]; then
|
|
|
f0c268c |
semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2> /dev/null || :
|
|
|
afcc033 |
(useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home/xguest xguest || semanage login -a -S targeted -s xguest_u xguest || semanage login -m -S targeted -s xguest_u xguest) 2>/dev/null || exit 1
|
|
|
06b8600 |
head -c 32 /dev/urandom | passwd xguest --stdin
|
|
|
b94f200 |
|
|
|
78ac101 |
echo "xguest:exclusive" >> /etc/security/sepermit.conf
|
|
|
b94f200 |
|
|
|
e522175 |
semanage -S targeted -i - << _EOF
|
|
|
e522175 |
boolean -m --on allow_polyinstantiation
|
|
|
e522175 |
boolean -m --on xguest_connect_network
|
|
|
e522175 |
boolean -m --on xguest_mount_media
|
|
|
e522175 |
boolean -m --on xguest_use_bluetooth
|
|
|
f0c268c |
_EOF
|
|
|
b94f200 |
fi
|
|
|
b94f200 |
|
|
|
b94f200 |
%files
|
|
|
b94f200 |
%defattr(-,root,root)
|
|
|
402b78f |
%{_sysconfdir}/security/namespace.d/xguest.conf
|
|
|
b94f200 |
%doc README LICENSE
|
|
|
afcc033 |
%dir /var/lib/xguest/home
|
|
|
afcc033 |
%dir /var/lib/xguest
|
|
|
b94f200 |
|
|
|
b94f200 |
%preun
|
|
|
164a047 |
if [ $1 -eq 0 ]; then
|
|
|
164a047 |
sed -i '/^xguest/d' /etc/security/sepermit.conf
|
|
|
b94f200 |
|
|
|
b94f200 |
fi
|
|
|
b94f200 |
|
|
|
b94f200 |
%changelog
|
|
|
44fff49 |
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-36
|
|
|
44fff49 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
44fff49 |
|
|
|
1c97c34 |
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-35
|
|
|
1c97c34 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
1c97c34 |
|
|
|
06b8600 |
* Thu Jun 16 2016 Lukas Vrabec <lvrabec@redhat.com> - 1.0.10-34
|
|
|
06b8600 |
- Security fix for CVE-2016-4980
|
|
|
06b8600 |
|
|
|
18bd42c |
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.10-33
|
|
|
18bd42c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
18bd42c |
|
|
|
462992a |
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-32
|
|
|
462992a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
462992a |
|
|
|
a2d1cc0 |
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-31
|
|
|
a2d1cc0 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
a2d1cc0 |
|
|
|
86e1667 |
* Mon Aug 26 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-30
|
|
|
86e1667 |
- Add random password so xguest will show up in gdm.
|
|
|
86e1667 |
|
|
|
c47e00a |
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-29
|
|
|
c47e00a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
c47e00a |
|
|
|
e2f2be2 |
* Mon May 13 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-28
|
|
|
b21e6d4 |
- Remove sabayon support from xguest, no longer supported.
|
|
|
b21e6d4 |
- Remove /etc/skel directories
|
|
|
b21e6d4 |
|
|
|
f7451af |
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-7
|
|
|
f7451af |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
f7451af |
|
|
|
402b78f |
* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-26
|
|
|
402b78f |
- Remove /etc/security/namespace.d from payload
|
|
|
402b78f |
|
|
|
82f0b95 |
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-5
|
|
|
82f0b95 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
82f0b95 |
|
|
|
edbdcd6 |
* Mon Jul 2 2012 Dan Walsh <dwalsh@redhat.com> - 1.0.10-4
|
|
|
27db6e1 |
- Remove Requirement for gdm
|
|
|
412ac5c |
- Fix xguest entry in /etc/shadow so gdm lists it
|
|
|
412ac5c |
|
|
|
661b8d4 |
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-3
|
|
|
661b8d4 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
661b8d4 |
|
|
|
afcc033 |
* Wed Dec 7 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.10-2
|
|
|
afcc033 |
- Change xguest homedir to be /var/lib/xguest/home/xguest
|
|
|
afcc033 |
|
|
|
93ef0ce |
* Fri Sep 23 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.10-1
|
|
|
93ef0ce |
- Make sure none of the gpk apps start on the desktop
|
|
|
93ef0ce |
|
|
|
93ef0ce |
* Tue Aug 2 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-6
|
|
|
93ef0ce |
- Change location of xguest home dir to /var/lib/xguest/home
|
|
|
93ef0ce |
|
|
|
20e5d5b |
* Wed Jun 15 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-5
|
|
|
5714d0e |
- Add requires for selinux-policy-targeted
|
|
|
5714d0e |
|
|
|
4ac751c |
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.9-4
|
|
|
4ac751c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
4ac751c |
|
|
|
e522175 |
* Tue Feb 1 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-3
|
|
|
e522175 |
- Fix boolean handling in the post install
|
|
|
e522175 |
|
|
|
8a02e28 |
* Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-2
|
|
|
8a02e28 |
- Fix semanage boolean line to use -i -
|
|
|
8a02e28 |
|
|
|
402b78f |
* Wed Oct 6 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.9-1
|
|
|
8a02e28 |
- Fix placement of xguest.zip file
|
|
|
8a02e28 |
|
|
|
62ca8f3 |
* Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.8-3
|
|
|
62ca8f3 |
- Fix sabayon remove
|
|
|
62ca8f3 |
|
|
|
832b06f |
* Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.8-2
|
|
|
3b64f01 |
- Fix sabayon installation
|
|
|
3b64f01 |
|
|
|
0e44b0c |
* Wed Nov 25 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.8-1
|
|
|
0e44b0c |
- Fix sabayon file
|
|
|
0e44b0c |
|
|
|
7e922be |
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-7
|
|
|
7e922be |
- Switch to use policycoreutils-sandbox init script
|
|
|
7e922be |
|
|
|
527841c |
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-6
|
|
|
527841c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
527841c |
|
|
|
b0e3dae |
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-5
|
|
|
b0e3dae |
- Changed to require policycoreutils-python
|
|
|
b0e3dae |
|
|
|
99c25d6 |
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-3
|
|
|
99c25d6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
99c25d6 |
|
|
|
e5bab28 |
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-1
|
|
|
e5bab28 |
- Change xguest init script to have proper summary
|
|
|
e5bab28 |
|
|
|
f0c268c |
* Thu Jan 22 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.6-8
|
|
|
f0c268c |
- Modify xguest to be able to be installed in a livecd
|
|
|
f0c268c |
|
|
|
537ade5 |
* Fri Apr 4 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-7
|
|
|
537ade5 |
- Require newer version of policy
|
|
|
537ade5 |
|
|
|
705a9e9 |
* Wed Mar 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-6
|
|
|
705a9e9 |
- Change gecos field to say "Guest"
|
|
|
705a9e9 |
|
|
|
164a047 |
* Wed Feb 27 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-5
|
|
|
164a047 |
- Leave xguest_u assignment on preun and always set the user to xguest_u on install
|
|
|
164a047 |
|
|
Florian La Roche |
29e8a96 |
* Mon Feb 11 2008 Florian La Roche <laroche@redhat.com> - 1.0.6-4
|
|
Florian La Roche |
29e8a96 |
- fix post requires on pam
|
|
Florian La Roche |
29e8a96 |
|
|
|
d69a969 |
* Thu Jan 31 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-3
|
|
|
78ac101 |
- Add support for exclusive login for xguest
|
|
|
78ac101 |
|
|
|
b94f200 |
* Tue Dec 18 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-2
|
|
|
b94f200 |
- Remove lines from namespace.init on package removal
|
|
|
b94f200 |
|
|
|
b94f200 |
* Mon Dec 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-1
|
|
|
b94f200 |
- Remove xguest init.d script on uninstall
|
|
|
b94f200 |
- Fix description
|
|
|
b94f200 |
|
|
|
b94f200 |
|
|
|
b94f200 |
* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-2
|
|
|
b94f200 |
- Turn on the xguest booleans
|
|
|
b94f200 |
|
|
|
b94f200 |
* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-1
|
|
|
b94f200 |
- Allow xguest to run nm-applet
|
|
|
b94f200 |
|
|
|
b94f200 |
* Tue Nov 27 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-2
|
|
|
b94f200 |
- Fix permissions on /etc/init.d/xguest
|
|
|
b94f200 |
|
|
|
b94f200 |
* Wed Nov 21 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-1
|
|
|
b94f200 |
- Add mount code to allow sharing of file system so hal and automount will work.
|
|
|
b94f200 |
- I have added an initscript to set the / as shared and /tmp, /var/tmp and /home/xguest as private
|
|
|
b94f200 |
|
|
|
b94f200 |
* Fri Oct 26 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.3-1
|
|
|
b94f200 |
- Remove exit lines
|
|
|
b94f200 |
- Add LICENSE
|
|
|
b94f200 |
|
|
|
b94f200 |
* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.2-1
|
|
|
b94f200 |
- Cleanup spec file
|
|
|
b94f200 |
|
|
|
b94f200 |
* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-2
|
|
|
b94f200 |
- Turn on allow_polyinstantiation boolean
|
|
|
b94f200 |
|
|
|
b94f200 |
* Fri Oct 12 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-1
|
|
|
b94f200 |
- Add sabayon support
|
|
|
b94f200 |
|
|
|
b94f200 |
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.0-1
|
|
|
b94f200 |
- Initial version
|