diff --git a/internal/policies/manager.go b/internal/policies/manager.go index 6a94c4a93..a757da166 100644 --- a/internal/policies/manager.go +++ b/internal/policies/manager.go @@ -38,6 +38,7 @@ import ( log "github.com/ubuntu/adsys/internal/grpc/logstreamer" "github.com/ubuntu/adsys/internal/i18n" "github.com/ubuntu/adsys/internal/policies/apparmor" + "github.com/ubuntu/adsys/internal/policies/certificate" "github.com/ubuntu/adsys/internal/policies/dconf" "github.com/ubuntu/adsys/internal/policies/entry" "github.com/ubuntu/adsys/internal/policies/gdm" @@ -60,15 +61,16 @@ type Manager struct { policiesCacheDir string hostname string - dconf *dconf.Manager - privilege *privilege.Manager - scripts *scripts.Manager - mount *mount.Manager - gdm *gdm.Manager - apparmor *apparmor.Manager - proxy *proxy.Manager backend backends.Backend + dconf *dconf.Manager + privilege *privilege.Manager + scripts *scripts.Manager + mount *mount.Manager + gdm *gdm.Manager + apparmor *apparmor.Manager + proxy *proxy.Manager + certificate *certificate.Manager subscriptionDbus dbus.BusObject @@ -91,10 +93,12 @@ type systemdCaller interface { type options struct { cacheDir string + stateDir string dconfDir string sudoersDir string policyKitDir string runDir string + shareDir string apparmorDir string apparmorFsDir string systemUnitDir string @@ -209,7 +213,9 @@ func NewManager(bus *dbus.Conn, hostname string, backend backends.Backend, opts // defaults args := options{ cacheDir: consts.DefaultCacheDir, + stateDir: consts.DefaultStateDir, runDir: consts.DefaultRunDir, + shareDir: consts.DefaultShareDir, apparmorDir: consts.DefaultApparmorDir, systemUnitDir: consts.DefaultSystemUnitDir, systemdCaller: defaultSystemdCaller, 
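Review bot: `shareDir` is added to `options` and defaulted to `consts.DefaultShareDir` in `NewManager`, but no hunk shown here reads `args.shareDir`. The certificate manager built later in the patch receives only `runDir`, `stateDir` and `cacheDir`. If nothing outside the visible hunks consumes it, drop the field and its default, or pass it to the component that needs it. The two new fields would also benefit from a short comment saying who uses them, e.g. `stateDir string // passed to the certificate manager via certificate.WithStateDir`. `NewManager`'s body continues outside these hunks.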
@@ -259,6 +265,13 @@ func NewManager(bus *dbus.Conn, hostname string, backend backends.Backend, opts } proxyManager := proxy.New(bus, proxyOptions...) + // certificate manager + certificateManager := certificate.New(backend.Domain(), + certificate.WithRunDir(args.runDir), + certificate.WithStateDir(args.stateDir), + certificate.WithCacheDir(args.cacheDir), + ) + // inject applied dconf mangager if we need to build a gdm manager if args.gdm == nil { if args.gdm, err = gdm.New(gdm.WithDconf(dconfManager)); err != nil { @@ -284,6 +297,7 @@ func NewManager(bus *dbus.Conn, hostname string, backend backends.Backend, opts mount: mountManager, apparmor: apparmorManager, proxy: proxyManager, + certificate: certificateManager, gdm: args.gdm, subscriptionDbus: subscriptionDbus, @@ -341,6 +355,11 @@ func (m *Manager) ApplyPolicies(ctx context.Context, objectName string, isComput g.Go(func() error { return m.proxy.ApplyPolicy(ctx, objectName, isComputer, rules["proxy"]) }) + g.Go(func() error { + // Ignore error as we don't want to fail because of online status this late in the process + isOnline, _ := m.backend.IsOnline() + return m.certificate.ApplyPolicy(ctx, objectName, isComputer, isOnline, rules["certificate"]) + }) if err := g.Wait(); err != nil { return err } diff --git a/internal/policies/manager_test.go b/internal/policies/manager_test.go index 67f70c3af..ebd8a323e 100644 --- a/internal/policies/manager_test.go +++ b/internal/policies/manager_test.go 
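Review bot: In the new `g.Go` closure in `ApplyPolicies`, the error from `m.backend.IsOnline()` is discarded with `_`, so a failed status check looks the same as a genuinely offline machine. That leaves no trace for an operator trying to work out why certificate policy was applied in offline mode. Keeping the failure non-fatal is reasonable, but capture and log it with the file's existing `log` package: `isOnline, err := m.backend.IsOnline()` followed by `if err != nil { log.Warningf(ctx, "could not determine online status, assuming offline: %v", err) }`. What `isOnline` holds when the call fails depends on the backend implementation, which is not visible here, so the comment should state that it is assumed to be false. `ApplyPolicies` starts and ends outside the hunk.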
@@ -41,10 +41,12 @@ func TestApplyPolicies(t *testing.T) { isNotSubscribed bool secondCallWithNoSubscription bool noUbuntuProxyManager bool + backendOfflineError bool wantErr bool }{ "Succeed": {policiesDir: "all_entry_types"}, + "Succeed if checking for backend online status returns an error": {backendOfflineError: true, policiesDir: "all_entry_types"}, "Second call with no rules deletes everything": {policiesDir: "all_entry_types", secondCallWithNoRules: true, scriptSessionEndedForSecondCall: true}, "Second call with no rules don't remove scripts if session hasn’t ended": {policiesDir: "all_entry_types", secondCallWithNoRules: true, scriptSessionEndedForSecondCall: false}, diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/nested/usr.bin.baz b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/nested/usr.bin.baz new file mode 100644 index 000000000..c3fdc981e --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/nested/usr.bin.baz @@ -0,0 +1 @@ +/usr/bin/baz {} diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.bar b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.bar new file mode 100644 index 000000000..9fc2774f1 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.bar @@ -0,0 +1 @@ +/usr/bin/bar {} 
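Review bot: The new `backendOfflineError` field is set by the "Succeed if checking for backend online status returns an error" case, but this is the only hunk for `manager_test.go` and nothing in it reads the field. Unless the mock backend is configured from `tc.backendOfflineError` outside what is shown, the case runs exactly like "Succeed" and the ignored-error path in `ApplyPolicies` is never exercised. The golden `policies` file added for this case also has no `certificate` rules, so even with the mock wired up the certificate manager is only called with an empty rule set. Consider wiring the field into the backend mock and adding a case whose policies include a certificate entry, so the offline fallback is actually covered. `TestApplyPolicies` continues outside the hunk.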
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.foo b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.foo new file mode 100644 index 000000000..450648222 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/apparmor.d/adsys/machine/usr.bin.foo @@ -0,0 +1 @@ +/usr/bin/foo {} diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/adsys b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/adsys new file mode 100644 index 000000000..3067d2ff6 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/adsys @@ -0,0 +1,5 @@ +[path/to] +key1='ValueOfKey1' +key2='ValueOfKey2 +On +Multilines' diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/locks/adsys b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/locks/adsys new file mode 100644 index 000000000..82ce2888c --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/dconf/db/machine.d/locks/adsys @@ -0,0 +1,2 @@ +/path/to/key1 +/path/to/key2 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf new file mode 100644 index 000000000..dbf1b12ee --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf @@ -0,0 +1,6 @@ +# This file is managed by adsys. +# Do not edit this file manually. +# Any changes will be overwritten. + +[Configuration] +AdminIdentities=unix-user:alice@domain;unix-user:bob@domain2;unix-group:mygroup@domain;unix-user:cosmic carole@domain diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/sudoers.d/99-adsys-privilege-enforcement b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/sudoers.d/99-adsys-privilege-enforcement new file mode 100644 index 000000000..e97388f49 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/sudoers.d/99-adsys-privilege-enforcement @@ -0,0 +1,9 @@ +# This file is managed by adsys. +# Do not edit this file manually. +# Any changes will be overwritten. + +"alice@domain" ALL=(ALL:ALL) ALL +"bob@domain2" ALL=(ALL:ALL) ALL +"%mygroup@domain" ALL=(ALL:ALL) ALL +"cosmic carole@domain" ALL=(ALL:ALL) ALL + 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-cifs-example.com-smb_share.mount b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-cifs-example.com-smb_share.mount new file mode 100644 index 000000000..74da4d221 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-cifs-example.com-smb_share.mount @@ -0,0 +1,17 @@ +# This template defines the basic structure of a mount unit generated by ADSys for system mounts. +[Unit] +Description=ADSys mount for smb://example.com/smb_share +After=network-online.target +Requires=network-online.target + +[Mount] +What=//example.com/smb_share +Where=/adsys/cifs/example.com/smb_share +Type=cifs +Options=defaults +# This option prevents hangs on shutdown due to an unreachable network share. +LazyUnmount=true +TimeoutSec=30 + +[Install] +WantedBy=default.target diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-fuse-example.com-ftp_share.mount b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-fuse-example.com-ftp_share.mount new file mode 100644 index 000000000..f051513af --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-fuse-example.com-ftp_share.mount 
@@ -0,0 +1,17 @@ +# This template defines the basic structure of a mount unit generated by ADSys for system mounts. +[Unit] +Description=ADSys mount for ftp://example.com/ftp_share +After=network-online.target +Requires=network-online.target + +[Mount] +What=curlftpfs#example.com +Where=/adsys/fuse/example.com/ftp_share +Type=fuse +Options=defaults +# This option prevents hangs on shutdown due to an unreachable network share. +LazyUnmount=true +TimeoutSec=30 + +[Install] +WantedBy=default.target diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-nfs-example.com-nfs_share.mount b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-nfs-example.com-nfs_share.mount new file mode 100644 index 000000000..bdfa1c268 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/systemd/system/adsys-nfs-example.com-nfs_share.mount @@ -0,0 +1,17 @@ +# This template defines the basic structure of a mount unit generated by ADSys for system mounts. +[Unit] +Description=ADSys mount for nfs://example.com/nfs_share +After=network-online.target +Requires=network-online.target + +[Mount] +What=example.com:/nfs_share +Where=/adsys/nfs/example.com/nfs_share +Type=nfs +Options=defaults +# This option prevents hangs on shutdown due to an unreachable network share. +LazyUnmount=true +TimeoutSec=30 + +[Install] +WantedBy=default.target diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/.ready b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/.ready new file mode 100644 index 000000000..e69de29bb 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/.running b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/.running new file mode 100644 index 000000000..e69de29bb diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logoff b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logoff new file mode 100644 index 000000000..f1f55fa88 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logoff @@ -0,0 +1 @@ +scripts/otherfolder/script-user-logoff diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logon b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logon new file mode 100644 index 000000000..0aa0488d4 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/logon @@ -0,0 +1 @@ +scripts/script-user-logon diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/empty-subfolder/.empty b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/empty-subfolder/.empty new file mode 100644 index 000000000..e69de29bb 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/final-machine-script.sh b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/final-machine-script.sh new file mode 100755 index 000000000..ae7b4be6c --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/final-machine-script.sh @@ -0,0 +1 @@ +final machine script diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/otherfolder/script-user-logoff b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/otherfolder/script-user-logoff new file mode 100755 index 000000000..4080816a8 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/otherfolder/script-user-logoff @@ -0,0 +1 @@ +script user logoff diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-shutdown b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-shutdown new file mode 100755 index 000000000..4dc4c0713 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-shutdown @@ -0,0 +1 @@ +script machine shutdown 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-startup b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-startup new file mode 100755 index 000000000..5adba498f --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-machine-startup @@ -0,0 +1 @@ +script machine startup diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-user-logon b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-user-logon new file mode 100755 index 000000000..e5a483136 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/script-user-logon @@ -0,0 +1 @@ +script user logon diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/subfolder/other-script b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/subfolder/other-script new file mode 100755 index 000000000..47e740068 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/subfolder/other-script @@ -0,0 +1 @@ +subfolder other script 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-data b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-data new file mode 100644 index 000000000..802d880a9 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-data @@ -0,0 +1 @@ +unreferenced data diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-script b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-script new file mode 100644 index 000000000..be58cc792 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/scripts/unreferenced-script @@ -0,0 +1 @@ +unreferenced script diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/shutdown b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/shutdown new file mode 100644 index 000000000..58c17cc29 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/shutdown @@ -0,0 +1 @@ +scripts/script-machine-shutdown 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/startup b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/startup new file mode 100644 index 000000000..62ca19d92 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/machine/scripts/startup @@ -0,0 +1,3 @@ +scripts/script-machine-startup +scripts/subfolder/other-script +scripts/final-machine-script.sh diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/users/.empty b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/run/adsys/users/.empty new file mode 100644 index 000000000..e69de29bb diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/sys/kernel/security/apparmor/profiles b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/sys/kernel/security/apparmor/profiles new file mode 100644 index 000000000..bb27bcb87 --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/sys/kernel/security/apparmor/profiles @@ -0,0 +1 @@ +someprofile (enforce) 
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/assets.db b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/assets.db new file mode 100644 index 000000000..3b52764c0 Binary files /dev/null and b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/assets.db differ diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/policies b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/policies new file mode 100644 index 000000000..65c86435b --- /dev/null +++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/var/cache/adsys/policies/hostname/policies 
@@ -0,0 +1,70 @@ +gpos: + - id: '{GPOId}' + name: GPOName + rules: + apparmor: + - key: apparmor-machine + value: | + usr.bin.foo + usr.bin.bar + nested/usr.bin.baz + disabled: false + dconf: + - key: path/to/key1 + value: ValueOfKey1 + disabled: false + meta: s + - key: path/to/key2 + value: | + ValueOfKey2 + On + Multilines + disabled: false + meta: s + mount: + - key: system-mounts + value: | + nfs://example.com/nfs_share + smb://example.com/smb_share + ftp://example.com/ftp_share + disabled: false + privilege: + - key: allow-local-admins + value: "" + disabled: false + - key: client-admins + value: | + alice@domain + bob@domain2 + %mygroup@domain + cosmic carole@domain + disabled: false + proxy: + - key: proxy/auto + value: http://example.com/proxy.pac + disabled: false + - key: proxy/http + value: "" + disabled: true + - key: proxy/no-proxy + value: localhost,127.0.0.1,::1 + disabled: false + scripts: + - key: startup + value: | + script-machine-startup + subfolder/other-script + final-machine-script.sh + disabled: false + - key: shutdown + value: | + script-machine-shutdown + disabled: false + - key: logon + value: | + script-user-logon + disabled: false + - key: logoff + value: | + otherfolder/script-user-logoff + disabled: false