[rfc][icedtea-web] allow permissions on the fly
Jiri Vanek
jvanek at redhat.com
Mon Feb 9 10:08:56 UTC 2015
It is quite hard to preset all policies *before* run in sandbox is clicked.
On devconf, where this approach was quite appreciated, following idea was raised:
- when mode is "run in sandbox" AccessControlException access denied -permission.type- should be
thrown, then instead throw, allow user to temprary/pernamently allow this policy for codebase.
During first run many of thsoe dialogs will rise, but at the end the application will be well tuned.
AFAIk there is issue - the policy file can remember only allowed policies, but in this case we need
to have also permanently banned policies saved. As policy file do not allow this, i see two solutions:
- extend policy file - probably no way
- have two "run in sanbox" buttons (or similar setting)
- run in sandbox
- interactive run in sandbox
Thoughts?
(no patch here!-)
J.
More information about the distro-pkg-dev
mailing list