
On 05/22/2012 08:48 AM, Andreas Jaeger wrote:
> I just put the following on my blog as well (http://jaegerandi.blogspot.de) and look forward to your help defining a better policy:
[snip]
> Call for action: Review and discuss http://en.opensuse.org/openSUSE:Security_use_cases using the following questions:
> * Are there any use cases missing?
IMHO the list appears pretty complete. Maybe "Insert CD/DVD" for music/movie playing use case could be added to the page. But this is handled automatically by the DEs thus it may be mentioned for "completeness" or just be left off the list.
> * Is there anything missing in the specific use cases?
I think we could have a "severity" rating for the "system wide action" assessments. For example "adding a repo" has a high severity value, let's say 5 (scale 0 - 5), while "updating installed packages from trusted repo" would have a low severity rating, maybe 1. This might provide a guideline to help us decide whether we want the root password or not.
> * How can we solve these use cases so that a system is easy to set up for the most common usage scenarios?
I think we could have a "simple" YaST dialog that lets the sysadmin configure settings to her/his needs/liking. I could imagine something like the attached sketch should suffice. This is flexible, easily expandable, and implementation shouldn't be too terribly time consuming. The underlying assumption is that all processes affected support policy kit. The result is that the dialog simply writes out policy kit rules.

Later,
Robert

-- 
Robert Schweikert                           MAY THE SOURCE BE WITH YOU
SUSE-IBM Software Integration Center                   LINUX
Tech Lead
rjschwei@suse.com
rschweik@ca.ibm.com
781-464-8147
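
The severity rating and the "dialog writes out policy kit rules" idea from the message above, sketched as an added example; it is not part of the mail and not YaST or openSUSE code. It assumes polkit's JavaScript rules format, uses two PackageKit action IDs as stand-ins for the two rated use cases, and the threshold settings (`adminFrom`, `selfFrom`) are hypothetical names for what the dialog would store.

```javascript
// Added example. Severity per polkit action on the 0-5 scale from the message;
// tying the two ratings to these PackageKit action IDs is an assumption.
const SEVERITY = {
  "org.freedesktop.packagekit.system-sources-configure": 5, // adding a repo
  "org.freedesktop.packagekit.system-update": 1, // update from trusted repo
};

// Hypothetical dialog settings: severity >= adminFrom asks for the root
// (admin) password, severity >= selfFrom asks for the user's own password.
const DEFAULT_SETTINGS = { adminFrom: 3, selfFrom: 2 };

function validate(s) {
  for (const k of ["adminFrom", "selfFrom"]) {
    if (!Number.isInteger(s[k]) || s[k] < 0 || s[k] > 5) {
      throw new RangeError(k + " must be an integer from 0 to 5");
    }
  }
  if (s.selfFrom > s.adminFrom) throw new RangeError("selfFrom exceeds adminFrom");
}

// Name of the polkit.Result member for one action, or null when the action
// has no rating (no opinion, so the packaged default stays in force).
function decide(actionId, subject, settings = DEFAULT_SETTINGS) {
  validate(settings);
  if (!Object.prototype.hasOwnProperty.call(SEVERITY, actionId)) return null;
  // Remote or inactive sessions never get a relaxed answer.
  if (!subject.local || !subject.active) return "AUTH_ADMIN";
  const sev = SEVERITY[actionId];
  if (sev >= settings.adminFrom) return "AUTH_ADMIN";
  return sev >= settings.selfFrom ? "AUTH_SELF" : "YES";
}

// Text of the rules file the dialog would write out for the given settings.
function renderRules(settings = DEFAULT_SETTINGS) {
  const table = {};
  for (const id of Object.keys(SEVERITY)) {
    table[id] = decide(id, { local: true, active: true }, settings);
  }
  return [
    "polkit.addRule(function(action, subject) {",
    "    var table = " + JSON.stringify(table) + ";",
    "    if (!table.hasOwnProperty(action.id)) return undefined;",
    "    if (!subject.local || !subject.active) return polkit.Result.AUTH_ADMIN;",
    "    return polkit.Result[table[action.id]];",
    "});",
  ].join("\n") + "\n";
}
```

On a system that uses polkit's JavaScript rules, the text returned by `renderRules()` would be saved as a `.rules` file under `/etc/polkit-1/rules.d/`.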