|
|
0b3179 |
Summary: Creates xguest user as a locked down user
|
|
|
0b3179 |
Name: xguest
|
|
|
0b3179 |
Version: 1.0.10
|
|
|
0b3179 |
Release: 32%{?dist}
|
|
|
0b3179 |
License: GPLv2+
|
|
|
0b3179 |
Group: System Environment/Base
|
|
|
0b3179 |
BuildArch: noarch
|
|
|
0b3179 |
Source: http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
|
|
|
0b3179 |
URL: http://people.fedoraproject.org/~dwalsh/xguest/
|
|
|
0b3179 |
|
|
|
0b3179 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
0b3179 |
Requires(pre): pam >= 0.99.8.1-17 selinux-policy-targeted > 3.6.3-12
|
|
|
0b3179 |
Requires(pre): policycoreutils-sandbox
|
|
|
0b3179 |
|
|
|
0b3179 |
%description
|
|
|
0b3179 |
Installing this package sets up the xguest user to be used as a temporary
|
|
|
0b3179 |
account to switch to or as a kiosk user account. The account is disabled unless
|
|
|
0b3179 |
SELinux is in enforcing mode. The user is only allowed to log in via graphical login program.
|
|
|
0b3179 |
The home and temporary directories of the user will be polyinstantiated and
|
|
|
0b3179 |
mounted on tmpfs.
|
|
|
0b3179 |
|
|
|
0b3179 |
%prep
|
|
|
0b3179 |
%setup -q
|
|
|
0b3179 |
|
|
|
0b3179 |
%build
|
|
|
0b3179 |
|
|
|
0b3179 |
%clean
|
|
|
0b3179 |
%{__rm} -fR %{buildroot}
|
|
|
0b3179 |
|
|
|
0b3179 |
%install
|
|
|
0b3179 |
%{__rm} -fR %{buildroot}
|
|
|
0b3179 |
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/security/namespace.d/
|
|
|
0b3179 |
%{__mkdir} -p %{buildroot}/var/lib/xguest/home
|
|
|
0b3179 |
install -m0644 xguest.conf %{buildroot}/%{_sysconfdir}/security/namespace.d/
|
|
|
0b3179 |
|
|
|
0b3179 |
%post
|
|
|
0b3179 |
if [ $1 -eq 1 ]; then
|
|
|
0b3179 |
semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2> /dev/null || :
|
|
|
0b3179 |
(useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home/xguest xguest || semanage login -a -S targeted -s xguest_u xguest || semanage login -m -S targeted -s xguest_u xguest) 2>/dev/null || exit 1
|
|
|
0b3179 |
head -1 /dev/urandom | passwd xguest --stdin > /dev/null
|
|
|
0b3179 |
|
|
|
0b3179 |
echo "xguest:exclusive" >> /etc/security/sepermit.conf
|
|
|
0b3179 |
|
|
|
0b3179 |
semanage -S targeted -i - << _EOF
|
|
|
0b3179 |
boolean -m --on allow_polyinstantiation
|
|
|
0b3179 |
boolean -m --on xguest_connect_network
|
|
|
0b3179 |
boolean -m --on xguest_mount_media
|
|
|
0b3179 |
boolean -m --on xguest_use_bluetooth
|
|
|
0b3179 |
_EOF
|
|
|
0b3179 |
fi
|
|
|
0b3179 |
|
|
|
0b3179 |
%files
|
|
|
0b3179 |
%defattr(-,root,root)
|
|
|
0b3179 |
%{_sysconfdir}/security/namespace.d/xguest.conf
|
|
|
0b3179 |
%doc README LICENSE
|
|
|
0b3179 |
%dir /var/lib/xguest/home
|
|
|
0b3179 |
%dir /var/lib/xguest
|
|
|
0b3179 |
|
|
|
0b3179 |
%preun
|
|
|
0b3179 |
if [ $1 -eq 0 ]; then
|
|
|
0b3179 |
sed -i '/^xguest/d' /etc/security/sepermit.conf
|
|
|
0b3179 |
|
|
|
0b3179 |
fi
|
|
|
0b3179 |
|
|
|
0b3179 |
%triggerpostun -- xguest < 1.0.10-31
|
|
|
0b3179 |
head -1 /dev/urandom | passwd xguest --stdin >/dev/null
|
|
|
0b3179 |
exit 0
|
|
|
0b3179 |
|
|
|
0b3179 |
%changelog
|
|
|
0b3179 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.0.10-32
|
|
|
0b3179 |
- Mass rebuild 2013-12-27
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Sep 2 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-32
|
|
|
0b3179 |
- remove excess noice from post install scripts
|
|
|
0b3179 |
|
|
|
0b3179 |
* Thu Aug 29 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-31
|
|
|
0b3179 |
- Fix to add random password on upgrade
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Aug 26 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-30
|
|
|
0b3179 |
- Add random password so xguest will show up in gdm.
|
|
|
0b3179 |
|
|
|
0b3179 |
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-29
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon May 13 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-28
|
|
|
0b3179 |
- Remove sabayon support from xguest, no longer supported.
|
|
|
0b3179 |
- Remove /etc/skel directories
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-7
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 1.0.10-26
|
|
|
0b3179 |
- Remove /etc/security/namespace.d from payload
|
|
|
0b3179 |
|
|
|
0b3179 |
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-5
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Jul 2 2012 Dan Walsh <dwalsh@redhat.com> - 1.0.10-4
|
|
|
0b3179 |
- Remove Requirement for gdm
|
|
|
0b3179 |
- Fix xguest entry in /etc/shadow so gdm lists it
|
|
|
0b3179 |
|
|
|
0b3179 |
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-3
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Dec 7 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.10-2
|
|
|
0b3179 |
- Change xguest homedir to be /var/lib/xguest/home/xguest
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Sep 23 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.10-1
|
|
|
0b3179 |
- Make sure none of the gpk apps start on the desktop
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Aug 2 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-6
|
|
|
0b3179 |
- Change location of xguest home dir to /var/lib/xguest/home
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Jun 15 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-5
|
|
|
0b3179 |
- Add requires for selinux-policy-targeted
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.9-4
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Feb 1 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-3
|
|
|
0b3179 |
- Fix boolean handling in the post install
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> - 1.0.9-2
|
|
|
0b3179 |
- Fix semanage boolean line to use -i -
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Oct 6 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.9-1
|
|
|
0b3179 |
- Fix placement of xguest.zip file
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Feb 9 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.8-3
|
|
|
0b3179 |
- Fix sabayon remove
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> - 1.0.8-2
|
|
|
0b3179 |
- Fix sabayon installation
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Nov 25 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.8-1
|
|
|
0b3179 |
- Fix sabayon file
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-7
|
|
|
0b3179 |
- Switch to use policycoreutils-sandbox init script
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-6
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-5
|
|
|
0b3179 |
- Changed to require policycoreutils-python
|
|
|
0b3179 |
|
|
|
0b3179 |
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.7-3
|
|
|
0b3179 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.7-1
|
|
|
0b3179 |
- Change xguest init script to have proper summary
|
|
|
0b3179 |
|
|
|
0b3179 |
* Thu Jan 22 2009 Dan Walsh <dwalsh@redhat.com> - 1.0.6-8
|
|
|
0b3179 |
- Modify xguest to be able to be installed in a livecd
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Apr 4 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-7
|
|
|
0b3179 |
- Require newer version of policy
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Mar 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-6
|
|
|
0b3179 |
- Change gecos field to say "Guest"
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Feb 27 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-5
|
|
|
0b3179 |
- Leave xguest_u assignment on preun and always set the user to xguest_u on install
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Feb 11 2008 Florian La Roche <laroche@redhat.com> - 1.0.6-4
|
|
|
0b3179 |
- fix post requires on pam
|
|
|
0b3179 |
|
|
|
0b3179 |
* Thu Jan 31 2008 Dan Walsh <dwalsh@redhat.com> - 1.0.6-3
|
|
|
0b3179 |
- Add support for exclusive login for xguest
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Dec 18 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-2
|
|
|
0b3179 |
- Remove lines from namespace.init on package removal
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Dec 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.6-1
|
|
|
0b3179 |
- Remove xguest init.d script on uninstall
|
|
|
0b3179 |
- Fix description
|
|
|
0b3179 |
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-2
|
|
|
0b3179 |
- Turn on the xguest booleans
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Dec 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.5-1
|
|
|
0b3179 |
- Allow xguest to run nm-applet
|
|
|
0b3179 |
|
|
|
0b3179 |
* Tue Nov 27 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-2
|
|
|
0b3179 |
- Fix permissions on /etc/init.d/xguest
|
|
|
0b3179 |
|
|
|
0b3179 |
* Wed Nov 21 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.4-1
|
|
|
0b3179 |
- Add mount code to allow sharing of file system so hal and automount will work.
|
|
|
0b3179 |
- I have added an initscript to set the / as shared and /tmp, /var/tmp and /home/xguest as private
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Oct 26 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.3-1
|
|
|
0b3179 |
- Remove exit lines
|
|
|
0b3179 |
- Add LICENSE
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.2-1
|
|
|
0b3179 |
- Cleanup spec file
|
|
|
0b3179 |
|
|
|
0b3179 |
* Mon Oct 22 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-2
|
|
|
0b3179 |
- Turn on allow_polyinstantiation boolean
|
|
|
0b3179 |
|
|
|
0b3179 |
* Fri Oct 12 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.1-1
|
|
|
0b3179 |
- Add sabayon support
|
|
|
0b3179 |
|
|
|
0b3179 |
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 1.0.0-1
|
|
|
0b3179 |
- Initial version
|