Overview of proposed lockdown system
Accountsservice holds information about available roles (the lockdown settings) in the system and information about which user has which role.
Gnome-control-center user management links the profiles with users.
GDM upon user login enforces the lockdown settings.
The profiles themselves are in GKeyFile format, so they can be easily edited manually. For easier editing, there is also lockdown editor.
Status of each subsystem
The code for changes resides in gitorious. The it is mostly done and only needs some polishing.
Gnome control center
Quite some work is done in version 3.4.2 that ships with Ubuntu. Those changes should be merged in 3.6 branch. gnome-control-center-3.4.2.tar.xz
There is no work done in GDM as of the moment
Pessulus itself is not is in very early stages and will not be worked on until the accountsservice and gnome-control-center modifications are finished. pessulus.tar.xz
The precise GKeyFile format is not yet decided.
Expeced lockdown features
The proposed pessulus extends previous version in that it not only supports dconf, but also unix group membership and policy kit rules. The proposed rules are in this feature list, which is in initial stage and will be updated. Recently guys from Ubuntu team made their own list, will investigate this later.