On 11/21/2013 01:10 PM, Shawn Wells wrote:
On 11/21/13, 12:40 PM, Maura Dailey wrote:
This has come up before. When testing for the value of GConf checks, I'd like to use the package install/remove script to test if GConf2 is even installed. The xorg package check exists, but not one for GConf2.

In order of preference:
1. I add GConf2 to the list of packages that should be removed and write one of those extend checks inside every gconf check. Profiles can decide how they feel about GConf2. It could depend on Xorg.
2. I test for the presence of GConf2 in every gconf check.
3. I test for the presence of Xorg, under the assumption that GConf2 will also be installed.

Thoughts?
#1, and as noted don't add the check to a profile. Believe gconf is provided by gdm, not xorg though:

On my system:
$ rpm -qf /etc/gconf/gconf.xml.mandatory/
GConf2-2.28.0-6.el6.x86_64
$ rpm -qf /etc/gconf/gconf.xml.defaults/
GConf2-2.28.0-6.el6.x86_64

The prose guide says to use /etc/gconf/gconf.xml.mandatory and /etc/gconf/gconf.xml.defaults. I haven't actually tested the prose commands to see if they function as expected using those directories. (We had to use /var/lib/gdm/.gconf.mandatory for the login banner at work, but I think that's because GDM runs as the gdm user, not as root, and can't see into all the subdirectories in /etc/gconf.) Reworking these gconf checks is going to be difficult if we have to support multiple configuration directories, since some of them can override each other.

$ rpm -ql xorg | grep gconf
$ rpm -ql gdm | grep gconf
/etc/gconf/schemas/gdm-simple-greeter.schemas
/var/lib/gdm/.gconf.mandatory
/var/lib/gdm/.gconf.mandatory/%gconf-tree.xml
/var/lib/gdm/.gconf.path

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide


- Maura Dailey
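
Added example, not part of the original thread or of the scap-security-guide code: a minimal Python sketch of the override problem described above, resolving which source tree actually supplies a key. It assumes the stock search order (mandatory consulted before defaults) and the per-directory `%gconf.xml` layout; the sample tree and the key values in it are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed search order: the first source that defines a key wins, so a value
# in the mandatory tree hides whatever the defaults tree says.
SOURCES = ["etc/gconf/gconf.xml.mandatory", "etc/gconf/gconf.xml.defaults"]


def read_entry(source_dir, key):
    """Return the value of `key` in one source tree, or None if it is unset."""
    directory, name = key.strip("/").rsplit("/", 1)
    path = os.path.join(source_dir, directory, "%gconf.xml")
    if not os.path.isfile(path):
        return None
    for entry in ET.parse(path).getroot().findall("entry"):
        if entry.get("name") != name:
            continue
        if entry.get("value") is not None:      # bool/int/float entries
            return entry.get("value")
        text = entry.find("stringvalue")        # string entries
        return text.text if text is not None else None
    return None


def effective_value(root, key, sources=SOURCES):
    """Return (value, source) from the first source that sets `key`."""
    for source in sources:
        value = read_entry(os.path.join(root, source), key)
        if value is not None:
            return value, source
    return None, None


def build_sample_tree(root):
    """Constructed sample data: defaults disable the banner, mandatory enables it."""
    files = {
        SOURCES[0]: '<gconf><entry name="banner_message_enable" type="bool" value="true"/></gconf>',
        SOURCES[1]: '<gconf><entry name="banner_message_enable" type="bool" value="false"/>'
                    '<entry name="banner_message_text" type="string"><stringvalue>Authorized use only</stringvalue></entry></gconf>',
    }
    for source, xml in files.items():
        directory = os.path.join(root, source, "apps/gdm/simple-greeter")
        os.makedirs(directory)
        with open(os.path.join(directory, "%gconf.xml"), "w") as handle:
            handle.write(xml)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(effective_value(root, "/apps/gdm/simple-greeter/banner_message_enable"))
```

A check that reads only one of the directories would report the defaults value here even though the mandatory tree overrides it; adding `/var/lib/gdm/.gconf.mandatory` to `sources` extends the same lookup to the GDM-specific tree.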
