Summary: Creates xguest user as a locked down user 
Name: xguest
Version: 1.0.6
Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
BuildArch: noarch
Source: http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
URL: http://people.fedoraproject.org/~dwalsh/xguest/

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(pre): pam >= 0.99.8.1-17 selinux-policy > 3.0.8-60.fc8 selinux-policy-base
Requires(pre): policycoreutils
Requires(post): sabayon-apply
Requires: gdm >= 1:2.20.0-15.fc8

%description
Installing this package sets up the xguest user to be used as a temporary
account to switch to or as a kiosk user account. The account is disabled unless
SELinux is in enforcing mode. The user is only allowed to log in via gdm.
The home and temporary directories of the user will be polyinstantiated and
mounted on tmpfs.

%prep
%setup -q

%build

%clean
%{__rm} -fR %{buildroot}

%install
%{__rm} -fR %{buildroot}
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/desktop-profiles
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
install -m0644 xguest.zip %{buildroot}/%{_sysconfdir}/desktop-profiles/
install -m0755 xguest.init %{buildroot}/%{_sysconfdir}/rc.d/init.d/xguest

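%pre
# $1 is 1 only on a first install, so upgrades do not repeat this setup.
if [ $1 -eq 1 ]; then
# Define the confined SELinux user xguest_u (role xguest_r, labeling prefix xguest).
semanage user -a -P xguest -R xguest_r xguest_u  2> /dev/null
# Create the account mapped to xguest_u; if useradd fails, add the login mapping,
# and if that fails too, modify the existing mapping.
(useradd -c "X Guest User" -Z xguest_u xguest || semanage login -a -s xguest_u xguest || semanage login -m -s xguest_u xguest) 2>/dev/null || exit 1

# pam_namespace: polyinstantiate /tmp, /var/tmp and the home directory on tmpfs.
# The leading ~ restricts this to the xguest user only.
echo -n \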
'
# xguest begin
# Inserted by the xguest package.
/tmp    tmpfs   tmpfs   ~xguest
/var/tmp        tmpfs   tmpfs   ~xguest
$HOME           tmpfs   tmpfs   ~xguest
# xguest end
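' >> /etc/security/namespace.conf

# pam_sepermit: xguest may log in only while SELinux is enforcing; "exclusive"
# limits the account to a single session and kills its processes on logout.
echo "xguest:exclusive" >> /etc/security/sepermit.conf

# Persistently enable polyinstantiation and the xguest policy booleans.
setsebool -P allow_polyinstantiation=1 browser_confine_xguest=1 browser_write_xguest_data=1 xguest_connect_network=1 xguest_mount_media=1 xguest_use_bluetooth=1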

fi

%post
if [ $1 -eq 1 ]; then
/sbin/chkconfig xguest --add

# Add two directories to /etc/skel so pam_namespace will label them properly
mkdir /etc/skel/.mozilla 2> /dev/null
mkdir /etc/skel/.gnome2 2> /dev/null

# Assign the locked-down sabayon desktop profile to the xguest user.
/usr/bin/python << __eof
from sabayon import userdb
db = userdb.get_database()
db.set_profile("xguest", "xguest.zip")
__eof

fi

%files
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/desktop-profiles/xguest.zip
%{_sysconfdir}/rc.d/init.d/xguest
%doc README LICENSE

%preun
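# $1 is 0 only on full removal (not on upgrade).
if [ $1 -eq 0 ]; then
# Remove the entries %pre appended; the xguest_u login mapping is left in place.
sed -i '/^xguest/d' /etc/security/sepermit.conf
sed -i '/^# xguest begin/,/^# xguest end/d' /etc/security/namespace.conf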

/usr/bin/python << __eof
from sabayon import userdb
db = userdb.get_database()
db.set_profile("xguest", "")
__eof

/sbin/chkconfig --del xguest 
fi

%changelog
* Wed Feb 27 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-5
- Leave xguest_u assignment on preun and always set the user to xguest_u on install

* Mon Feb 11 2008 Florian La Roche <laroche@redhat.com> - 1.0.6-4
- fix post requires on pam

* Thu Jan 31 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-3
- Add support for exclusive login for xguest

* Tue Dec 18 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-2
- Remove lines from namespace.init on package removal

* Mon Dec 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-1
- Remove xguest init.d script on uninstall
- Fix description


* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-2
- Turn on the xguest booleans

* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-1
- Allow xguest to run nm-applet

* Tue Nov 27 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-2
- Fix permissions on /etc/init.d/xguest

* Wed Nov 21 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-1
- Add mount code to allow sharing of file system so hal and automount will work.
- I have added an initscript to set the / as shared and /tmp, /var/tmp and /home/xguest as private

* Fri Oct 26 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.3-1
- Remove exit lines
- Add LICENSE

* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.2-1
- Cleanup spec file

* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-2
- Turn on allow_polyinstantiation boolean

* Fri Oct 12 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-1
- Add sabayon support

* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.0-1
- Initial version