[rfc][icedtea-web] policytool in itweb-settings

Jiri Vanek jvanek at redhat.com
Thu Jan 16 07:15:51 PST 2014

On 01/16/2014 04:13 PM, Andrew Azores wrote:
> On 01/16/2014 10:03 AM, Jiri Vanek wrote:
>> On 01/16/2014 03:58 PM, Andrew Azores wrote:
>>>>> permissions to the policy, eg "Allow reading user details" would entail granting read
>>>>> permission on
>>>>> the user.name and probably user.home together. Or really, I imagine a user that is both advanced
>>>>> enough to care about making a custom policy AND needs more control than the coarse-grained
>>>>> checkboxes is probably advanced enough to deal with the existing policytool. So we can just leave
>>>>> out the Advanced-type settings from the new editor and let those users deal with using the
>>>>> existing
>>>>> policytool if they need it. Maybe PolicyPanel could be modified further to allow users to choose
>>>>> which editor to launch with an "advanced" checkbox or similar.
>> This reminded me:
>> You are planning to have "run in 'advanced' sandbox" button next to run in sandbox, which will allow
>> to set permissions before (and for) actual run (with possibility of save eg?) Or did I just
>> imagine it from nothing?!?!?
>> J.
> Woah, what? This is not what I meant at all :) The dialogs shown at applet run time will just have
> "Ok/Proceed", "Sandbox" (or "Restricted" or whatever), and "Cancel". Sandbox/Restricted will run the
> applet with reduced permissions, meaning the Sandbox permission set, union the permission set
> defined in the user policy file (as well as system policy file). The Advanced button was just going
> to be either in itweb-settings control panel or in the "mini editor" itself and provide a way to
> either simply show more policy options or to launch JDK policytool, to give power users more control
> over the policy they are editing. I definitely am not planning to have two different types of
> Sandbox button.
> It is an interesting idea though to have the dialog present a button for policy editing. This would
> make it very easy for users to find the correct codebase for an applet, since we could fill it in
> for them already. I'm not sure if adding yet another button would be very good visually though - it
> might be too much going on on one dialog and become confusing. Or, rather than adding a way to
> launch the policy editor here during run time (which sounds a little unsafe to me), we could simply
> add a button to the dialog somewhere to copy the applet codebase to the clipboard. Then the user can
> cancel or sandbox, then later open the editor and paste the codebase? Hmm.

:))) +1 for me on this topic (although it seems to me that I was probably dreaming... :D)

But as another (much another) changeset. The current policy patch is so simple that I really want to
in 1.4
> Thanks,
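
The permission arithmetic discussed in the quoted replies (a coarse-grained "Allow reading user details" group, and a restricted run that gets the sandbox set in union with the policy-file grants), as an added example that is not part of the thread or of IcedTea-Web's code. The class name, the baseline sandbox properties and the probe list are assumptions constructed for illustration.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collections;
import java.util.PropertyPermission;

public class RestrictedRunPermissions {

    // Coarse-grained group from the thread: "Allow reading user details".
    // Policy-file form of one entry:
    //   permission java.util.PropertyPermission "user.name", "read";
    static Permissions userDetailsGroup() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("user.name", "read"));
        p.add(new PropertyPermission("user.home", "read"));
        return p;
    }

    // Constructed stand-in for the sandbox baseline (assumption, not the real set).
    static Permissions sandboxBaseline() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("java.version", "read"));
        p.add(new PropertyPermission("os.name", "read"));
        return p;
    }

    // Union: anything implied by any input set is implied by the result.
    static Permissions union(PermissionCollection... sets) {
        Permissions all = new Permissions();
        for (PermissionCollection set : sets) {
            for (Permission perm : Collections.list(set.elements())) {
                all.add(perm);
            }
        }
        return all;
    }

    public static void main(String[] args) {
        Permissions effective = union(sandboxBaseline(), userDetailsGroup());
        Permission[] probes = {
            new PropertyPermission("os.name", "read"),    // from the baseline
            new PropertyPermission("user.home", "read"),  // from the user policy group
            new PropertyPermission("user.home", "write"), // never granted
            new PropertyPermission("user.dir", "read"),   // outside the group
        };
        for (Permission probe : probes) {
            System.out.println(probe.getName() + " " + probe.getActions() + " -> "
                    + (effective.implies(probe) ? "granted" : "denied"));
        }
    }
}
```

The two read probes are granted and the last two are denied, which shows that the group widens the sandbox only by the exact properties and actions it lists.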
