Re: [sabayon] On the topic of lockdown

[Alexander Larsson <alexl redhat com>]

On Thu, 2006-10-26 at 23:40 +0200, Vincent Untz wrote:
> Hi Rob,
> 
> Le jeudi 26 octobre 2006, à 20:18, Rob Bradford a écrit :
> > Perhaps the right solution is to make the checkboxes control both the
> > setting of the key and its mandatory status. This could then be used for
> > lockdown of things for which no lockdown key exists by just setting it
> > to mandatory.
> > 
> > This would mean Pessulus could only be run as root or under Sabayon. In
> > the case of running Pessulus as root and settings made by the user
> > before that point will be replaced by the root setting at the point it
> > was made mandatory.
> > 
> > Does this make sense?
> 
> If you run pessulus as root, you will see a small lock beside the
> checkbox. The checkbox sets the key to the value and the lock controls
> its mandatory status.
> 
> Isn't this enough for doing what you're proposing?

Just a comment:

We still need lockdown keys for some things, as they are not
implementable by just having some preferences not being writable. For
instance, you couldn't lock down shell access by making some config
setting unchangable.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a Nobel prize-winning day-dreaming paramedic with a secret. She's a 
transdimensional French-Canadian museum curator who inherited a spooky stately 
manor from her late maiden aunt. They fight crime!