F21 Self Contained Change: Security Policy In The Installer
Jan Lieskovsky
jlieskov at redhat.com
Thu Mar 13 18:45:58 UTC 2014
> On Thu, Mar 13, 2014 at 01:40:53PM -0400, Jan Lieskovsky wrote:
>
> > Of course, in the case they wouldn't like to configure any security
> > policy and use just vanilla Fedora installation, the can "ignore"
> > the security section, configure just those sections as configured
> > (required to be configured) now (e.g. INSTALLATION SOURCE, SOFTWARE
> > SELECTION etc.), and click the "Begin Installation" button. In that
> > case no security profile would be applied.
>
> The demos seem to cover the case where there's already data provided
> from the Kickstart file. What options are presented to the user if
> there's no oscap entry in Kickstart? Is the user expected to provide a
> path to download a policy?
Yes, there are two ways how to provide the policy - either via kickstart
or via GUI by entering the HTTP / FTP URI [*] of the policy (in RPM
package format) and clicking the "Fetch data" button.
I can remember seeing some video from Vratislav demonstrating the 'fetch
security policy in RPM format remotely' scenario too, but you are right
it's not illustrated in those demos (yet). Vratislav, can you add
demo video of this use case too?
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
[*] At the moment "only" HTTP / FTP options are allowed, but AFAIK there's support
for more protocols planned.
>
> --
> Matthew Garrett | mjg59 at srcf.ucam.org
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
More information about the devel
mailing list