[rfc][icedtea-web] allow permissions on the fly
Jie Kang
jkang at redhat.com
Mon Feb 9 14:30:23 UTC 2015
----- Original Message -----
> It is quite hard to preset all policies *before* run in sandbox is clicked.
> On devconf, where this approach was quite appreciated, following idea was
> raised:
> - when mode is "run in sandbox" and AccessControlException access denied
> -permission.type- should be
> thrown, then instead of throwing, allow user to temporarily/permanently allow this
> policy for codebase.
This is a great idea.
>
> During first run many of those dialogs will rise, but at the end the
> application will be well tuned.
>
> AFAIK there is an issue - the policy file can remember only allowed policies,
> but in this case we need
> to have also permanently banned policies saved. As the policy file does not allow
> this, I see two solutions:
> - extend policy file - probably no way
> - have two "run in sandbox" buttons (or similar setting)
>   - run in sandbox
>   - interactive run in sandbox
For the two "run in sandbox" buttons solution: how does the interactive run work without saving it to some file (policy file?). If we need to save it, then we will either have to extend the policy file, or create a new file, no? I'd prefer extending the policy file.
Also, if we have "interactive run in sandbox" do we still want to keep the original "run in sandbox"? If the difference between 'interactive' and 'original' is opening a dialog instead of failing to run with ACE, then I'd greatly prefer just 'interactive'.
What do you think?
>
>
> Thoughts?
>
> (no patch here!-)
>
> J.
>
>
Regards,
--
Jie Kang
OpenJDK Team - Software Engineering Intern