[sabayon] On the topic of lockdown


From [1] I think it's pretty clear that the issue of lockdown is
something that we really need to tackle as a whole community, so I'd like
to ask for direction on a fairly fundamental but quite boring question:

"Should we have specific 'lockdown' gconf keys or not"

At the moment there are a set of lockdown keys that are exposed through
Pessulus/Sabayon. These range from the pretty high-level such as
disabling printing to some pretty fine tweaking that can be done to
epiphany. When these gconf keys are set then the programs act
accordingly. However, when running under Sabayon (or Pessulus as root)
these keys are supplemented by a little padlock icon that you use to
make the setting mandatory. This means that the user can't change the
lockdown key themselves. In the case of Pessulus this goes in the
mandatory source in /etc and under Sabayon this goes into the per-user
mandatory path. This is slightly confusing for the user since they must
do two things to do one thing :) 

The HIG [2] instead says that developers should test for the writability
of keys as to whether they are locked down or not. One developer
rejected a patch (#348435) adding support for one of these high-level
keys since he felt he had already satisfied his requirements for
lockdown by testing for the writability of keys. Fair enough. Instead
I'd need to set a bunch of keys mandatory. This occurs by copying the
key and value to the mandatory source. Now when using Sabayon this makes
plenty of sense since the user's mandatory settings are stored in their
home directory, but I'm not sure about Pessulus in a standalone mode.

Perhaps the right solution is to make the checkboxes control both the
setting of the key and its mandatory status. This could then be used for
lockdown of things for which no lockdown key exists by just setting it
to mandatory.

This would mean Pessulus could only be run as root or under Sabayon. In
the case of running Pessulus as root, any settings made by the user
before that point will be replaced by the root setting at the point it
was made mandatory.

Does this make sense?

Rob Bradford <rob robster org uk>
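The two lockdown mechanisms the mail contrasts (a dedicated lockdown key versus a key simply being shadowed by a mandatory source, so that it is no longer writable) can be walked through with a small model of GConf's layered sources. This is an added example, not GConf or Sabayon code: the source URIs, their order and the method names are assumptions that only mimic how GConf stacks a mandatory source over the user's own source.

```python
# Simplified model of GConf's layered configuration sources, written to
# illustrate the lockdown discussion above. Not the GConf library: real
# GConf reads the source order from /etc/gconf/2/path and exposes
# gconf_client_key_is_writable(); the paths and names here are assumed.

class GConfModel:
    """Sources are consulted in order; the first one holding a key wins."""

    def __init__(self):
        # Assumed order: system mandatory, Sabayon's per-user mandatory,
        # the user's own writable source, then the system defaults.
        self.sources = {
            "xml:readonly:/etc/gconf/gconf.xml.mandatory": {},
            "xml:readonly:$(HOME)/.gconf.mandatory": {},
            "xml:readwrite:$(HOME)/.gconf": {},
            "xml:readonly:/etc/gconf/gconf.xml.defaults": {},
        }
        self.mandatory = [s for s in self.sources if "mandatory" in s]
        self.user = "xml:readwrite:$(HOME)/.gconf"

    def get(self, key):
        for store in self.sources.values():
            if key in store:
                return store[key]
        return None

    def key_is_writable(self, key):
        # The HIG approach: a key present in any mandatory source is
        # locked down, whether or not a dedicated lockdown key exists.
        return not any(key in self.sources[s] for s in self.mandatory)

    def set_user(self, key, value):
        # A write to a locked key is dropped; the mandatory value stays.
        if self.key_is_writable(key):
            self.sources[self.user][key] = value
        return self.get(key)

    def set_mandatory(self, key, value):
        # What a checkbox that both sets the value and makes it mandatory
        # would do: the mandatory copy shadows the user's earlier value.
        self.sources[self.mandatory[0]][key] = value
        return self.get(key)

def printing_lockdown_scenario():
    """Returns (value, writable) before and after the admin locks printing."""
    gc = GConfModel()
    key = "/desktop/gnome/lockdown/disable_printing"
    gc.set_user(key, False)                      # user had printing enabled
    before = (gc.get(key), gc.key_is_writable(key))
    gc.set_mandatory(key, True)                  # admin sets it mandatory
    gc.set_user(key, False)                      # user's attempt is ignored
    after = (gc.get(key), gc.key_is_writable(key))
    return before, after
```

The same `set_mandatory` call works for a key that has no lockdown counterpart at all, which is the point of letting the checkbox control the mandatory status directly.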