Proposed F19 Feature: firewalld Lockdown

Adam Williamson awilliam at redhat.com
Wed Feb 6 00:34:45 UTC 2013


On Tue, 2013-02-05 at 17:20 -0500, Matthew Miller wrote:
> On Wed, Jan 30, 2013 at 12:51:49PM +0000, Jaroslav Reznik wrote:
> > This feature adds a simple configuration setting for firewalld to be able to 
> > lock down configuration changes from local applications. 
> > == Detailed description ==
> > Local applications are able to change the firewall configuration. With this 
> > feature the administrator can lock the firewall configuration and these 
> > applications are not able to modify the firewall anymore.
> > 
> > The lockdown feature is the first part of user and application policies for 
> > firewalld and will be disabled by default. 
> 
> Without this feature, the available changes users can make are not limited
> in any way, right? That is, with current firewalld, any local user can
> change the firewall without additional authentication?

I'm not sure that's correct, no. When I launch firewall-config I'm asked
for auth. It's as my local user, but I think that's because my local
user is set as an admin account. I don't believe regular (non-admin)
users can modify the config. I'm willing to be wrong, though.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


