F21 Self Contained Change: Security Policy In The Installer

Vratislav Podzimek vpodzime at redhat.com
Thu Mar 13 20:36:44 UTC 2014


On Thu, 2014-03-13 at 14:45 -0400, Jan Lieskovsky wrote:
> > On Thu, Mar 13, 2014 at 01:40:53PM -0400, Jan Lieskovsky wrote:
> > 
> > > Of course, in the case they wouldn't like to configure any security
> > > policy and use just vanilla Fedora installation, they can "ignore"
> > > the security section, configure just those sections as configured
> > > (required to be configured) now (e.g. INSTALLATION SOURCE, SOFTWARE
> > > SELECTION etc.), and click the "Begin Installation" button. In that
> > > case no security profile would be applied.
> > 
> > The demos seem to cover the case where there's already data provided
> > from the Kickstart file. What options are presented to the user if
> > there's no oscap entry in Kickstart? Is the user expected to provide a
> > path to download a policy?
> 
> Yes, there are two ways to provide the policy - either via kickstart
> or via GUI by entering the HTTP / FTP URI [*] of the policy (in RPM
> package format) and clicking the "Fetch data" button.
The SCAP Security Guide content is loaded automatically (if available)
and even when the user clicks the "Change content" button, there is again
the "Use SCAP Security Guide" button that gives them SSG back. Otherwise
fetching a data stream collection (XML), archive (zip or tarball) or RPM
is supported so far. Other protocols and format types may be added in
the future based on user feedback and requests.

> 
> I can remember seeing some video from Vratislav demonstrating the 'fetch
> security policy in RPM format remotely' scenario too, but you are right
> it's not illustrated in those demos (yet). Vratislav, can you add
> demo video of this use case too?
The RPM support is demonstrated in the following video preview:
http://vpodzime.fedorapeople.org/oaa-0.4-changes.webm

However, I see that a new commented video preview would explain a lot of
common questions appearing in this discussion, so I'll record one
tomorrow and post it here and on the feature page.

Thanks for the useful and constructive feedback, guys!

-- 
Vratislav Podzimek

Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic


