GNOME Bugzilla – Bug 394249
Lockdown : Restricted Application Launching
Last modified: 2020-11-07 12:15:32 UTC
At Guadec last year in Villanova, one of the topics that came up from Luis's talk on what our customers want from Gnome was the ability to restrict the gnome menus. Here's the solution we've implemented for this exact purpose, simply involves two new global desktop lockdown keys : - desktop/gnome/lockdown/restrict_application_launching Boolean value, that simply states whether restricted application launching is switched on or not. - desktop/gnome/lockdown/allowed_applications A list of string's containing full path's to applications that are allowed. e.g. /usr/local/bin/evince etc... Three patches are required for this : - gnome-panel (DONE)- Check of restricted application launching is set to true then : - hide items on menus whose application is not in the allowed list - hide launcher icons on panels whose application is not in the allowed list - Restrict creating of launchers by D'n'D whose application are not in the allowed list. - libgnome (DONE but needs updating) - provide default schema for two new gconf keys - Pessulus (DONE) - Update to allow editing of new gconf keys. - Nautilus (DONE) For Nautilus/Pessulus/libgnome, should I file separate bugs ?
Created attachment 79749 [details] [review] Feature Request Patch for gnome-panel Patch which implements this feature request in gnome-panel.
Created attachment 80325 [details] [review] Update patch Update patch for restricted application launching
I'm not ignoring the patch, but since we're past feature freeze for 2.18, I won't review it now (there's many patches I have to review, and even more bugs to fix). But I'll try to look at it when I have time. Thanks for working on this!
Created attachment 91615 [details] [review] Patch Update Patch which applies to latest svn
Will this go in at some point?
I can update patches to apply to latest SVN... would like to know that my efforts are not in vain though :)
Definitely an effort that is appreciated. It just means I'm doing a bad job...
Created attachment 133964 [details] [review] updated patch This is the latest patch we are applying.
Created attachment 133965 [details] [review] second patch When using the previous patch, the build now fails when linking gnome-desktop-item-edit the build fails with the following error: ld: fatal: symbol `panel_gconf_get_client' is multiply-defined: (file gnome-desktop-item-edit.o type=FUNC; file panel-gconf.o type=FUNC); ld: fatal: File processing errors. No output written to .libs/gnome-desktop-item-edit This is because the previous patch adds "#include launcher.h" (which inlcudes "applet.h" which includes panel-gconf.h) to panel-lockdown.h. So this patch is also needed for this feature to work properly. This second issue was previously reported as bug #543291, but since it really relates to this patch, I'm adding it here. Attached patch removed definition of panel_gconf_get_client() from gnome-panel/gnome-desktop-item-edit.c.
Created attachment 139646 [details] [review] updated patch for patch in comment #8 Note defect.opensolaris.org bug #7716. http://defect.opensolaris.org/bz/show_bug.cgi?id=7716 It was discovered that the Main Menu and Menu Bar applet don't support gconf restrict_application_launching key. This updated patch fixes this problem. Note the patch in comment #9 is still needed.
Hrm, was starting to look at this, but the libgnome patch never went in? This is blocking the panel patch :/
I just updated bug #395887 with the latest libgnome patch we apply since I noticed it previously had an older patch, if that makes things easier.
(In reply to comment #10) > Created an attachment (id=139646) [details] [review] > updated patch for patch in comment #8 > > > Note defect.opensolaris.org bug #7716. > > http://defect.opensolaris.org/bz/show_bug.cgi?id=7716 > > It was discovered that the Main Menu and Menu Bar applet don't support gconf > restrict_application_launching key. This updated patch fixes this problem. > > Note the patch in comment #9 is still needed. In this patch, 2 calls to panel_lockdown_notify_add are added. But no call to panel_lockdown_notify_remove is added. This causes the following assert g_assert(panel_lockdown_notify_find(panel_lockdown.closures, callback_func, user_data) == NULL); to failed and lead to a crash.
Created attachment 148764 [details] [review] updated patch for patch in comment #8 Here is the latest version of the patch. It was reworked so it applies to 2.27.92. Can this go upstream? Initially it sounded like there was community interest in getting this working, and this code has been soaking for a long time in our Solaris releases. For the most part, people seem to use this feature and find it useful. We have been updating this patch as we have resolved bugs, so I think at this point this code is working well enough for general use (and lockdown is not a feature which is on by default anyway). Note the patch in comment #9 is still also needed in addition to this patch.
Created attachment 148775 [details] updated patch for patch in comment #8 Sorry, here is an updated patch. This version of the patch fixes a crashing problem noticed in the previous version of the patch. Refer here: http://defect.opensolaris.org/bz/show_bug.cgi?id=12609 Again, note that still the patch in comment #9 is also needed along with this patch.
bugzilla.gnome.org is being replaced by gitlab.gnome.org. We are closing all old feature requests in Bugzilla which have not seen updates for many years. If you still use gnome-panel and if you are still requesting this feature in a currently supported version of GNOME (currently that would be 3.38), then please feel free to report it at https://gitlab.gnome.org/GNOME/gnome-panel/-/issues/ Thank you for reporting this issue and we are sorry it could not be implemented.