On Tue, 2013-02-05 at 17:20 -0500, Matthew Miller wrote: > On Wed, Jan 30, 2013 at 12:51:49PM +0000, Jaroslav Reznik wrote: > > This feature adds a simple configuration setting for firewalld to be able to > > lock down configuration changes from local applications. > > == Detailed description == > > Local applications are able to change the firewall configuration. With this > > feature the administator can lock the firewall configuration and these > > applications are not able to modify the firewall anymore. > > > > The lockdown feature is the first part of user and application policies for > > firewalld and will be disabled by default. > > Without this feature, the available changes users can make are not limited > in any way, right? That is, with current firewalld, any local user can > change the firewall without additional authentication? I'm not sure that's correct, no. When I launch firewall-config I'm asked for auth. It's as my local user, but I think that's because my local user is set as an admin account. I don't believe regular (non-admin) users can modify the config. I'm willing to be wrong, though. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
