GLF- Gnome Lockdown Framework

Dear list,

I'd like to present a proposal for handling lockdown of application & desktop

In short, GLF (the Gnome Lockdown Framework) consists of three "parts", namely:

- A standardized way of registering keys in GConf
- A small library / API (currently consisting of only two functions)
- A graphical tool for handling default/group/user permissions

The main ideas behind GLF:
- The developer of an application is him/herself free to define what parts of the
application that can be locked down - just ship the application with metadata
(GLF-specific GConf keys) describing what checks that are done runtime
- It should be easy to add GLF functionality to an existing (or new!) application

NOTE: I started working on this idea last week, without having a working machine
for development - and I still don't. Thus, I can't present any code yet - but on
the other hand: if you look at the "architecture" page, you'll find an easy to
implement algorithm for the most vital part of the API (glf_permissions_init()).
If you read the quickstart, you'll also notice that the other part of the API
("glf_allows()") is mostly a wrapper for g_hash_table_lookup, so the API part of
GLF is easily implemented.

The things I'd like someone to help me with is writing the policy tool,
"glftool" or "glfgui", as I don't feel I have nor the time nor the energy to
start looking into that. Adding LDAP support is however something I'd like to
take responibility for.

Comments and ideas welcome.

- Mikael.

Mikael Carneholm, M.Sc
arch at the host called enterprise hb se

This mail sent through IMP:

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]