Warning: strftime() [function.strftime]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Asia/Calcutta' for 'IST/5.0/no DST' instead in /home/foss.in/fci/html/2008/register/include/smarty/libs/Smarty_Compiler.class.php on line 362
|Speaker Name||James Morris|
|Slides||Click to download|
Anatomy of Fedora Kiosk Mode
|Abstract||Recent Fedora releases include Kiosk Mode, a feature which allows anonymous users to safely access a limited desktop session, including a web browser and office applications. This may be useful wherever there's a need to provide public access to computers, including: cafes, airports, conferences, libraries and trade shows.
Kiosk Mode combines several advanced security and Linux OS features:
- A tight Mandatory Access Control (MAC) security policy is used to limit the actions of anonymous users and protect the system from them.
- Linux namespaces are utilized to provide the user with a private view of the file-system.
- A customized GNOME desktop managed via Sabayon is freshly loaded for each session.
- A PAM module ensures that SELinux is enabled in enforcing mode before authorizing the anonymous session.
No configuration is required: if the appropriate package is installed, it Just Works.
Kiosk Mode is an example of how bleeding edge security and OS technologies may be applied to meet general user requirements. This talk will detail its design and implementation, and include a demonstration.
|Pre-requisites||Intermediate to advanced knowledge of Linux.|
|Speaker Profile||James Morris is a Linux kernel developer from Sydney, Australia. He has contributed to several kernel projects, including Netfilter, LSM, and IPsec. He is the author of the kernel Crypto API. Currently, his focus is on SELinux, a flexible framework for composing different security models. He is a kernel maintainer of SELinux, Networking and an emeritus Netfilter core team member.|