Re: Distribution help needed for nanny

From: Roberto Majadas <roberto majadas openshine com>
To: Matthias Clasen <matthias clasen gmail com>
Cc: desktop-devel-list <desktop-devel-list gnome org>
Subject: Re: Distribution help needed for nanny
Date: Sun, 14 Mar 2010 16:03:24 +0100

El 14/03/2010, a las 14:53, Matthias Clasen<matthias clasen gmail com> escribió:

On Sun, Mar 14, 2010 at 7:55 AM, Roberto Majadas
<roberto majadas openshine com> wrote:
Hi Desktop-devel  people :
We want to support more distributions in nanny project [1] . And weneed
help with fedora/redhat and opensuse/suse distributions. We only need
init-scripts to start the nanny daemon on this distributions.Obiously otherdistributions are welcome too :) . We support at the moment ubuntu/debian
and mandriva.
Are there any developer that can help us with this init-scripts ?If you
want to help us, you only need drop your init-script here ;) [2]
Hey, when I was looking at nanny for Fedora a while ago [1] I noticed
a few more things that might need adjustment per OS:


Yep, i'm in acord with you. We need some adjustments per OS.

May be creating some custom scripts per OS for example nanny-block-session, nanny-block-port or something like that. We are open tosuggestions.


1) The daemon assumes that it can control login by editing
/etc/pam.d/gdm (not true on Fedora, where we have a bunch of other pam
files that are used by gdm).


May be nanny-block-session script ?


2) The UI code doesn't work with GTK+ 2.20, due to the widget
name/buildable name change in GTK+. It seems you just fixed that in
git, though.


Yes it's fixed in master

3) nanny uses iptables (it took a while to figure out why nothing was
happening when I  tried nanny first - I had iptables turned off).
There should probably be some kind of runtime check for iptables, in
addition to a dependency in the init script. What about ip6tables, btw
?


We use iptables for :
 * Redirect http user traffic to nanny daemon reverse proxy port.
 * Block mail ports, im ports, ... per user.

So iptables or other firewall is a mandatory depends.

Iptables6 is not supported atm.


4) the daemon uses really yucky process-name matching to find existing
sessions, so if your session manager is not called x-session-manager
or gnome-session, you get out of jail free..


We are open to suggestions.

Cheers and thanks for your comments

telemaco

Matthias


[1] https://bugzilla.redhat.com/show_bug.cgi?id=553210

References:
- Distribution help needed for nanny
  - From: Roberto Majadas
- Re: Distribution help needed for nanny
  - From: Matthias Clasen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]