[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?

Jay Greguske jgregusk at redhat.com
Tue Sep 29 20:32:24 UTC 2009


Daniel J Walsh wrote:
> On 09/29/2009 03:45 PM, Jay Greguske wrote:
>   
>> Jeremy Katz wrote:
>>     
>>> On Fri, Sep 25, 2009 at 8:59 AM, Jay Greguske <jgregusk at redhat.com> wrote:
>>>   
>>>       
>>>> Jeremy Katz wrote:
>>>>     
>>>>         
>>>>> There have been some problems more recently with the booleans stuff if
>>>>> SELinux isn't enabled.  Does that all end up working correctly still?
>>>>>
>>>>>       
>>>>>           
>>>> I'll look into it. Are there any you have in mind specifically?
>>>>     
>>>>         
>>> Dan might remember better than I -- I vaguely remember that a lot of
>>> the home directory bits and also some of the xguest stuff requires
>>> working booleans
>>>
>>> - Jeremy
>>>   
>>>       
>> I installed xguest to a running livecd (desktop ks file) and played with
>> two booleans related to it: browser_write_xguest_data, and
>> xguest_connect_network. With the former turned off the Guest account
>> could not download files from random internet sites, and with the latter
>> it couldn't connect at all, so I'd say they were functioning as
>> expected. I'm pretty confident SELinux booleans are working correctly
>> with these changes. If you have other tests to suggest I'd be happy to
>> try them out.
>>
>> Thanks,
>> - Jay
>>     
> How much work would it be to create a livecd with only an xguest login?
> Random Root password and no user accounts.
>
> So the cd could only run xguest.  I know if you can boot the cd you can beat the system, but it might be a cool demo.
>   

Should be pretty easy: you just need the right kickstart configuration
file. While things are quiet this week I'll see if I can produce that
for you.



