Open Bug 1580753 Opened 5 years ago Updated 2 years ago

SecurityDevices settings in policies.json don't take effect

Categories

(Thunderbird :: Preferences, enhancement)

Product:
Thunderbird
Component:
Preferences
Type:
enhancement

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: sberg, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

Created policies.json file:
{
"policies": {
"DisableAppUpdate": true,
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"BlockAboutConfig": true,
"DisableTelemetry": true,
"SecurityDevices": {
"DOD_CAC_Reader": "/usr/lib64/pkcs11/libcoolkeypk11.so"
}
}
}

Actual results:

Security device is not defined. About:config is not disabled.

DisableAppUpdate is turned off.

Expected results:

I expected that App Updates would be disabled when I view Help->About and they are. But I also expected Edit->Preferences->Advanced->General Config Editor to not bring up about:config and it did. As well I wanted to globally set a security device for DOD common access card use and it's not getting set. All these settings appear to function as desired in Firefox 69.0 using the same policies.json entries.

Component: Untriaged → Preferences

We know that disabling the config editor didn't work. That's will be fixed in TB 68.1.1 or TB 68.2, see bug 1579019.

So the remaining issue is the

"SecurityDevices": {
  "DOD_CAC_Reader": "/usr/lib64/pkcs11/libcoolkeypk11.so"
}

Right?

Flags: needinfo?(geoff)
See Also: → 1579019
Summary: settings in policies.json not set → SecurityDevices settings in policies.json don't take effect

Yep, getting SecurityDevices set globally is probably the one I'm most concerned with. Fixing that would alleviate a good amount of admin headache.

Not sure how related this might be....

I'm trying to install multiple certificate authorities using policies.json also:

"Certificates": {
	"Install": [
		"/common/Certs/Certificates_PKCS7_v5.0u1_DoD_DoDRootCA2_withCAs_FirefoxChromeOS.der.p7b",
		"/common/Certs/DODCA_41.pem",
		"/common/Certs/DODCA_42.pem"
             ]
    }

So far using that has not worked in thunderbird or firefox with this new policies.json file.

Thunderbird 68 doesn't have the SecurityDevices policy, so it's unsurprising that it doesn't do anything.

Type: defect → enhancement
Flags: needinfo?(geoff)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.