
Re: Security policy oversight needed?



2009/11/19 Richard Hughes <hughsient gmail com>
> So if I pick "personal desktop", the change you made makes sense. If on
> the other hand, I choose "workstation" profile, I would obviously need a
> more locked down profile.

Surely if you're deploying a workstation (1000s of workstations?) you
would just ship an extra package that set the PolicyKit policies
according to the domain policy, so if I was a school, I would allow
the active users to unplug removable drives, but not detach physical
drives. I would also stop them installing and upgrading (not even give
them the option to enter a root password) and also lock down who can
change the clock. I would also prevent them from installing debuginfo
files and being able to set their audio system to real-time priority.

The real argument is what set of users upstream software should
target. There's an argument for upstream to default to "no" for all
actions and for the admin to install a policy for "desktop",
"workstation" etc, but then there's just the related problem of what
policy package to choose by default for "Fedora".

Why not choose them all?

What about having packaged policy profiles?

policykit-profile-i-am-paranoid
policykit-profile-server
policykit-profile-controlled-deployment
policykit-profile-personal-desktop

In the live CD, install the last one by default; on the DVD, choose the server option. Either way, since it is a packaged profile, all someone will need to do to change to a different one is replace the RPM package with something appropriate.

In this case, I do not think it is an either/or situation.
