rpms/xguest/devel xguest.spec,1.4,1.5
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Feb 27 19:21:52 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/xguest/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11716
Modified Files:
xguest.spec
Log Message:
* Wed Feb 27 2008 Dan Walsh <dwalsh at redhat.com> - 1.0.6-5
- Leave xguest_u assignment on preun and always set the user to xguest_u on install
Index: xguest.spec
===================================================================
RCS file: /cvs/extras/rpms/xguest/devel/xguest.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- xguest.spec 11 Feb 2008 10:09:07 -0000 1.4
+++ xguest.spec 27 Feb 2008 19:21:16 -0000 1.5
@@ -1,7 +1,7 @@
Summary: Creates xguest user as a locked down user
Name: xguest
Version: 1.0.6
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
BuildArch: noarch
@@ -9,8 +9,8 @@
URL: http://people.fedoraproject.org/~dwalsh/xguest/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires(post): pam >= 0.99.8.1-17 selinux-policy > 3.0.8-60.fc8
-Requires(post): policycoreutils
+Requires(pre): pam >= 0.99.8.1-17 selinux-policy > 3.0.8-60.fc8 selinux-policy-base
+Requires(pre): policycoreutils
Requires(post): sabayon-apply
Requires: gdm >= 1:2.20.0-15.fc8
@@ -36,8 +36,10 @@
install -m0644 xguest.zip %{buildroot}/%{_sysconfdir}/desktop-profiles/
install -m0755 xguest.init %{buildroot}/%{_sysconfdir}/rc.d/init.d/xguest
-%post
-if [ $1 = 1 ]; then
+%pre
+if [ $1 -eq 1 ]; then
+semanage user -a -P xguest -R xguest_r xguest_u 2> /dev/null
+(useradd -c "X Guest User" -Z xguest_u xguest || semanage login -a -s xguest_u xguest || semanage login -m -s xguest_u xguest) 2>/dev/null || exit 1
echo -n \
'
@@ -51,17 +53,24 @@
echo "xguest:exclusive" >> /etc/security/sepermit.conf
-semanage user -a -P xguest -R xguest_r xguest_u 2> /dev/null
-useradd -c "X Guest User" -Z xguest_u xguest 2> /dev/null
+setsebool -P allow_polyinstantiation=1 browser_confine_xguest=1 browser_write_xguest_data=1 xguest_connect_network=1 xguest_mount_media=1 xguest_use_bluetooth=1
+
+fi
+%post
+if [ $1 -eq 1 ]; then
/sbin/chkconfig xguest --add
+# Add two directories to /etc/skell so pam_namespace will label properly
+mkdir /etc/skel/.mozilla 2> /dev/null
+mkdir /etc/skel/.gnome2 2> /dev/null
+
/usr/bin/python << __eof
from sabayon import userdb
db = userdb.get_database()
db.set_profile("xguest", "xguest.zip")
__eof
-setsebool -P allow_polyinstantiation=1 browser_confine_xguest=1 browser_write_xguest_data=1 xguest_connect_network=1 xguest_mount_media=1 xguest_use_bluetooth=1
+
fi
%files
@@ -71,9 +80,8 @@
%doc README LICENSE
%preun
-if [ $1 = 0 ]; then
-sed -i '/^xguest$/d' /etc/security/sepermit.conf
-semanage login -d xguest 2> /dev/null
+if [ $1 -eq 0 ]; then
+sed -i '/^xguest/d' /etc/security/sepermit.conf
sed -i '/^# xguest begin/,/^# xguest end/d' /etc/security/namespace.conf
/usr/bin/python << __eof
@@ -86,6 +94,9 @@
fi
%changelog
+* Wed Feb 27 2008 Dan Walsh <dwalsh at redhat.com> - 1.0.6-5
+- Leave xguest_u assignment on preun and always set the user to xguest_u on install
+
* Mon Feb 11 2008 Florian La Roche <laroche at redhat.com> - 1.0.6-4
- fix post requires on pam
More information about the fedora-extras-commits
mailing list