On 21.09.2017 01:55, Peter wrote:
I started putting together a plan on how we might be able to implement machine isolation in cockpit building off the somewhat stalled sandbox work that Stef started.
https://github.com/cockpit-project/cockpit/wiki/Machine-isolation
I'd appreciate any comments or suggestions anyone might have.
This seems to rely on javascript in the shell component for implementing access control (as did my WIP pull request). That is to say, it is a javascript component that prevents host B's javascript from opening channels to host A.
Do we have any options where we that access control happens in cockpit-ws and not in javascript? If so, how complicated are those options? How do they impact the user interface and backwards compatibility?
Cheers,
Stef
cockpit-devel mailing list -- cockpit-devel@lists.fedorahosted.org To unsubscribe send an email to cockpit-devel-leave@lists.fedorahosted.org