On Tue, 2008-06-17 at 16:30, Darren J Moffat wrote: > Robert Kinsella wrote: > > Hi Darren, > > I started trackerd manually in all zones, gnome-session (testing on > > gnome2.22) did not start the daemon automatically. > > Is this is bug that will be fixed before integration or an architectural > issue that it can't start up by default ?
Jerry should have an answer for this. Trusted will do whatever gnome-sesison does. > > The GUI interface 'deskbar' applet only operates in the 'global zone'. > > This applet does not operate in labeled zones. > > It is NOT available to user's who do not not have admin_high clearance. > > see:- 6458563 - [tjds] possible to launch applications outside of > > clearance using some applets. > > The fix for that bug is a bit of a nasty hack in my opinion. Yes it is. In order to deliver Trusted JDS for Solaris 10 some compromises needed to be made. We needed to weigh the advantage of having a particular applet available to the user against how complex it would be to make it a Trusted applet and behave appropropriately depending on the workspace label or enhance the panel sufficiently to enable it to context switch multiple running copies of an applet on workspace switches (much like nautilus does right now). Neither of these options are simple to implement, however, due to panel applet positioning and embedding. Often the functionality of the applet was a duplicate of a full application that would still be available to the user so it was easier to just disable it in a multilabel session. > It is > pointing out an architectural problem. The problem being that the > gnome-panel applets run in the "Trusted Path" yet some of them should > actually be running at the workspace label, this cases applet being of > the former type. > > However I don't expect this case to fix that architectural problem. > That however leaves us with the situation that this case only partially > works when using a Trusted Extensions multi level desktop and that is > bad. WRT to tracker the user would still have the ability to run the standalone application interface and have no need of the applet. This application would run per zone like any other. > I think this case is useful and I don't want to hold it up. I don't think this issue should hold up the tracker case either but I apprecaiate you always keeping trusted in the back of your mind when reviewing these cases as most engineers do not. There is certainly room for improvement in TJDS and this is one area that could do with my attention. > I > also have a feeling (with zero evidence) that many of our traditional TX > customer base would turn off the trackerd functionality anyway. I suspect you are right here. They mostly have to justify every binary on the system, but we will do our best to make the functionality available to them and let them decide what they dont need/want. Stephen. > > > -- > Darren J Moffat
