In this GSoC RūdolfsMazurs will write lockdown editor (Pessulus) for gnome from scratch.

I will utilize the existing infrastructure (git and bugzilla).

Overview of proposed lockdown system

Accountsservice holds information about available roles (the lockdown settings) in the system and information about which user has which role.

Gnome-control-center user management links the profiles with users.

GDM upon user login enforces the lockdown settings.

The profiles themselves are in GKeyFile format, so they can be easily edited manually. For easier editing, there is also lockdown editor.

Status of each subsystem

Accontsservice

The code for changes resides in gitorious. The it is mostly done and only needs some polishing.

Gnome control center

Quite some work is done in version 3.4.2 that ships with Ubuntu. Those changes should be merged in 3.6 branch. gnome-control-center-3.4.2.tar.xz

GDM

There is no work done in GDM as of the moment

Lockdown editor

Pessulus itself is not is in very early stages and will not be worked on until the accountsservice and gnome-control-center modifications are finished. pessulus.tar.xz

The precise GKeyFile format is not yet decided.

Expeced lockdown features

The proposed pessulus extends previous version in that it not only supports dconf, but also unix group membership and policy kit rules. The proposed rules are in this feature list, which is in initial stage and will be updated. Recently guys from Ubuntu team made their own list, will investigate this later.