GNOME Bugzilla – Bug 395887
lockdown: Restrict Application Launching, default schema values
Last modified: 2019-02-23 02:41:17 UTC
At Guadec last year in Villanova, one of the topics that came up from Luis's talk on what our customers want from Gnome was the ability to restrict the gnome menus. Here's the solution we've implemented for this exact purpose; it simply involves two new global desktop lockdown keys:
- desktop/gnome/lockdown/restrict_application_launching
  Boolean value that simply states whether restricted application launching is switched on or not.
- desktop/gnome/lockdown/allowed_applications
  A list of strings containing full paths to applications that are allowed, e.g. /usr/local/bin/evince etc...
This bug is to record the patch required for the schemas/desktop_gnome_lockdown.schema.in changes for the two new proposed keys.
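An added example, not part of the bug report or the attached patch: one way a launcher could enforce the two keys described above, with the paths canonicalized so that an entry only matches the file it actually names. The function name `launch_allowed` and the matching rule are assumptions; the page does not show how the patch compares paths.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the patch). `restrict_on` mirrors
 * restrict_application_launching, `allowed` mirrors allowed_applications.
 * Returns 1 if `path` may be launched, 0 otherwise. */
int launch_allowed(int restrict_on, const char *const *allowed, size_t n,
                   const char *path)
{
    char want[PATH_MAX], have[PATH_MAX];
    size_t i;

    if (!restrict_on)
        return 1;                 /* lockdown off: no filtering */
    if (path == NULL || path[0] != '/')
        return 0;                 /* the list holds full paths only */
    if (realpath(path, want) == NULL)
        return 0;                 /* unresolvable target: fail closed */

    for (i = 0; i < n; i++) {
        if (allowed[i] == NULL || allowed[i][0] != '/')
            continue;             /* ignore malformed list entries */
        if (realpath(allowed[i], have) == NULL)
            continue;             /* entry does not exist on this host */
        if (strcmp(want, have) == 0)
            return 1;             /* same file after resolving links */
    }
    return 0;                     /* restricted and not listed: deny */
}

int main(void)
{
    /* Constructed sample list; the entry is the path quoted in the report. */
    const char *allowed[] = { "/usr/local/bin/evince" };
    const char *tries[] = { "/usr/local/bin/evince", "evince",
                            "/usr/bin/xterm" };
    size_t i;

    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-24s %s\n", tries[i],
               launch_allowed(1, allowed, 1, tries[i]) ? "allow" : "deny");
    return 0;
}
```

Because both sides go through `realpath()`, a listed entry that is a symlink also admits every other name for the same target, so entries should point at the real binaries.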
Created attachment 80130: patch for schema defaults update
Patch to define defaults for the new gconf keys restrict_application_launching and allowed_applications in the file schemas/desktop_gnome_lockdown.schema.in
Should this be added for 2.21.0? Are we still adding more keys to libgnome now that we are trying to get rid of it?
This isn't one bit useful without:
- nautilus and gnome-panel patches
- proper documentation in the sysadmin guide
Not for 2.22. Please file bugs with the patches for nautilus and gnome-panel before committing this. IMO, it would be easier to remove the unneeded applications from the menus, and use the "disable command-line" schema, which disallows users from launching external apps.
Actually there are patches available for nautilus, gnome-panel and pessulus. See bugs:
- gnome-panel: http://bugzilla.gnome.org/show_bug.cgi?id=394252
- nautilus: http://bugzilla.gnome.org/show_bug.cgi?id=397715
- pessulus: http://bugzilla.gnome.org/show_bug.cgi?id=394249
Somebody needs to learn about bugzilla depends ;)
Created attachment 140501: updated patch
Here is the latest patch we apply, slightly different than what was previously reported.
I just verified that the latest version of the patch is the same version as the patch we currently are applying. The proposed patches for nautilus and gnome-panel seem generally acceptable. A patch for pessulus seems trivial and is promised as soon as this patch goes upstream. I think we have mostly complied with the requests of comment #3. Obviously docs need to be updated to provide information about this interface, but getting the docs team involved with writing new docs makes the most sense once the patch is accepted and the documentation people know the interfaces are reasonably stable. However, this bug seems to be blocking anything from happening. Perhaps we should just go ahead and commit this change, the gnome-panel and nautilus changes all together so this feature "just works" as reasonably expected? Can this go upstream? Initially it sounded like there was community interest in getting this working, and this code has been soaking for a long time in our Solaris releases. For the most part, people seem to use this feature and find it useful. We have been updating this patch as we have resolved bugs, so I think at this point this code is working well enough for general use (and lockdown is not a feature which is on by default anyway).
Should this be moved to dconf now? I don't see the lockdown keys anywhere in dconf-editor though?
libgnome and libgnomeui were only used in GNOME 2 and are not under active development anymore. Their codebases have been archived:
https://gitlab.gnome.org/Archive/libgnome/commits/master
https://gitlab.gnome.org/Archive/libgnomeui/commits/master
Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality.