Closed
Bug 1460086
Opened 7 years ago
Closed 7 years ago
Remove or disable pref: browser.policies.alternatePath
Categories
(Firefox :: Enterprise Policies, enhancement, P1)
Firefox
Enterprise Policies
Tracking
()
RESOLVED
FIXED
Firefox 62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: bytesized, Assigned: bytesized)
References
Details
Attachments
(1 file)
In order for the Background Update Agent to be able to determine whether updates are disabled, it needs to be able to find the policies regarding this. This means that those policies must be stored in their default locations.
Additionally, this pref could be considered a bit of a security risk.
The pref should either be removed entirely or made available only for testing.
|
||
Comment 1•7 years ago
|
||
As we add support for other policy types (Mac plist) and allow policies.json in other location for Linux, querying the policies file isn't going to be enough.
There's going to need to be a better way to ask Firefox the status of certain policies.
|
Assignee | |
Comment 2•7 years ago
|
||
The Background Update Agent cannot ask Firefox anything. The whole point of the Background Update Agent is that it runs when Firefox is not running.
|
|
||
Comment 3•7 years ago
|
||
I'm ok with this, but we need to fix Linux first so it looks in the right place.
|
|
||
Updated•7 years ago
|
Priority: -- → P1
|
|
Assignee | |
Comment 4•7 years ago
|
||
I just tested adding a policies.json on Linux without using `browser.policies.alternatePath` and it seems like it works fine. Can you clarify what needs to be fixed?
Flags: needinfo?(mozilla)
|
|
Assignee | |
Updated•7 years ago
|
Summary: Remove pref: browser.policies.alternatePath → Remove or disable pref: browser.policies.alternatePath
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → ksteuber
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 6•7 years ago
|
||
mkaply told me on IRC that he meant that in Linux, Firefox should be able to be managed *without* the policies.json. This feature has not been implemented yet.
Flags: needinfo?(mozilla)
|
|
||
Comment 7•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly
https://reviewboard.mozilla.org/r/245896/#review252176
Attachment #8979756 -
Flags: review?(mozilla) → review+
|
||
Comment 8•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly
https://reviewboard.mozilla.org/r/245896/#review252188
I'm fine with changing this, but I think there was a bit of misunderstanding over the IRC talk. What Mike meant is not that Linux will be configured without policies.json. It's that on Linux the path might be different, outside of the install dir.. And instead of just one location, it will probably be a list of possible paths to look (in some pre-defined order). It's something that you can handle in the updater agent, but I just wanted to make it sure that it was clear.
::: browser/components/enterprisepolicies/EnterprisePolicies.js:375
(Diff revision 1)
>
> let alternatePath = Services.prefs.getStringPref(PREF_ALTERNATE_PATH, "");
>
> - if (alternatePath && (!configFile || !configFile.exists())) {
> - // We only want to use the alternate file path if the file on the install
> - // folder doesn't exist. Otherwise it'd be possible for a user to override
> + // Check if we are in automation *before* we use the synchronous
> + // nsIFile.exists() function or allow the config file to be overriden
> + if (Cu.isInAutomation && alternatePath && (!configFile || !configFile.exists())) {
The first thing to check should be if an alternatePath was even given.. If it's empty than there's no need for the other checks.. so please put it in first.
Another thing that I'd like to keep supporting is Nightly builds, since this is very useful for our own manual testing..
There's no need to actually support it in the updater agent.. We can just document somewhere (probably not here) that this alternate path won't work to disable app updates on nightly builds)
(You can use AppConstants.NIGHTLY_BUILD for that)
Attachment #8979756 -
Flags: review?(felipc)
| Comment hidden (mozreview-request) |
|
|
||
Comment 10•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly
https://reviewboard.mozilla.org/r/245896/#review252656
Attachment #8979756 -
Flags: review?(felipc) → review+
|
||
Comment 11•7 years ago
|
||
Pushed by ksteuber@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c2ac7dded317
Disable pref: browser.policies.alternatePath except in testing and Nightly r=Felipe,mkaply
|
||
Comment 12•7 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 62
You need to log in
before you can comment on or make changes to this bug.
Description
•