Your application and GNOME lockdown
Posted by Sayamindu 1 year ago
- I’ve been thinking of writing this for more than four months now - especially ever since I saw this post. This should ideally go into the wiki, or even better, a nice developer’s guide to GNOME lockdown document. I don’t think I’m qualified enough to cover all the possible issues that a developer might come across, but here are two issues that I think all GNOME application developers should be aware of:
- Make your application Sabayon friendly
Federico’s GUADEC presentation covers some of the guidelines applications must adhere to in order to work nicely (and to not to break) in deployments managed by Sabayon. - Respect desktop-wide lockdown options
I have tried to describe all the general, desktop wide lockdown settings in the guide that I wrote as a part of the SoC. In brief, there are Gconf keys which control (or at least are supposed to control) the global, desktop wide access to the following features:- Command line access, ie arbitrary command execution
- Screen locking
- Printing and print setup
- Saving to disk
- User switching
If your application allows users to do any of the above, please ensure that the relevant Gconf keys are read first, and then the feature should be enabled.
During the next one month, I’ll try to find out cases where software do not adhere to the recommendations in Federico’s slides, or to the desktop-wide lockdown options, and submit bug reports (possibly with patches) as and when required.
- Make your application Sabayon friendly
- I have been sufferring from a terrible headache for the last three days, and I have not been very responsive to emails, IRC pings, etc. Apologies about that.
You forgot about file browsing. The case in which the user can or cannot browse lower than the home was discussed in the sysadmin bof.