Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?
- From: Lance Wang <lance w19 gmail com>
- To: Tambet Ingo <tambet gmail com>
- Cc: networkmanager-list gnome org
- Subject: Re: Do we have plan to do finer grained PolicyKit support for Networkmanager?
- Date: Fri, 18 Sep 2009 21:10:20 +0800
On Thu, Sep 17, 2009 at 2:11 PM, Tambet Ingo <tambet gmail com> wrote:
> On Thu, Sep 17, 2009 at 06:16, Bin Li <libin charles gmail com> wrote:
>> To disallow users from defining their own network configuration, I added a new
>> permission, org.freedesktop.network-manager-settings.user.modify, then linked it
>> to the add button: when the user has permission, he can add it, and vice versa.
>> I've met a problem: the user's connection is saved in gconf, and the user
>> can change gconf with gconftool-2 without permission checking.
>> So is there any method to resolve this problem? And is it okay to do it like
>> this? Any ideas?
>
> This makes no sense. You can already lock GConf so there's no need to
> do anything for user settings. Just lock the /system/networking path
> in gconf and the settings can't be changed. The only thing you could
> improve, is to make sure nm-applet and nm-connection-editor handle it
> more gracefully, ie "gray out" the apply button etc...
>
It makes no sense to "gray out" the apply button etc., I think,
when the /system/networking path is locked, because if it is locked
all buttons should be grayed out. Maybe we should not show the
nm-connection-editor, as on average if someone is not permitted to
modify user settings, he or she would be denied permission to modify
the system settings.

And another aspect: I think we should leave the control on the
NetworkManager side. As far as I know, all settings should be applied
through NetworkManager. If we just lock gconf, people with malicious
intent can still use a modified nm-applet to apply the user settings
they want. So I think there may be a policy action such as
org.freedesktop.network-manager-settings.user.apply. Every time
NetworkManager receives a request to apply the user settings, it
should check the action. And nm-connection-editor also checks the
action to set the button status. Furthermore, maybe we split the
policy into
org.freedesktop.network-manager-settings.user.wired.apply,
org.freedesktop.network-manager-settings.user.wireless.apply,
org.freedesktop.network-manager-settings.user.vpn.apply, etc.

What do you think?
> Tambet
--
Lance Wang
王伶卓
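
The following is an added example, not part of the original message or of NetworkManager's code. It models the message's point that the authorization check belongs in the daemon and that the editor's button state is only advisory. The action names are the ones proposed in the message; the `GRANTS` table, the `Daemon` class and all function names are hypothetical stand-ins for PolicyKit and NetworkManager.

```python
"""Model of daemon-side enforcement for the policy actions proposed above.
The in-memory GRANTS table stands in for PolicyKit and is constructed."""

PREFIX = "org.freedesktop.network-manager-settings.user"
KNOWN_TYPES = {"wired", "wireless", "vpn"}

# Constructed sample grants: uid -> set of granted actions.
GRANTS = {
    1000: {f"{PREFIX}.wired.apply", f"{PREFIX}.wireless.apply"},
    1001: {f"{PREFIX}.apply"},  # coarse grant covers every known type
    1002: set(),                # locked-down user
}

def is_authorized(uid, conn_type):
    """Default deny: unknown connection types and unknown users get nothing."""
    if conn_type not in KNOWN_TYPES:
        return False
    granted = GRANTS.get(uid, set())
    return f"{PREFIX}.{conn_type}.apply" in granted or f"{PREFIX}.apply" in granted

class Daemon:
    """Hypothetical stand-in for the NetworkManager side."""
    def __init__(self):
        self.applied = []

    def apply_user_settings(self, caller_uid, conn_type, settings):
        # caller_uid must come from the transport (the bus), never from
        # a field the client fills in itself.
        if not is_authorized(caller_uid, conn_type):
            raise PermissionError(f"uid {caller_uid} may not apply {conn_type} settings")
        self.applied.append((caller_uid, conn_type, dict(settings)))
        return True

def editor_button_enabled(uid, conn_type):
    """What a well-behaved editor uses to gray out its button (advisory only)."""
    return is_authorized(uid, conn_type)

def modified_client_apply(daemon, uid, conn_type, settings):
    """A client that skips the UI check and calls the daemon directly."""
    try:
        return daemon.apply_user_settings(uid, conn_type, settings)
    except PermissionError:
        return False
```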