F21 Self Contained Change: Security Policy In The Installer
Steve Grubb
sgrubb at redhat.com
Fri Mar 14 18:57:33 UTC 2014
On Friday, March 14, 2014 06:53:42 PM Matthew Garrett wrote:
> On Fri, Mar 14, 2014 at 02:51:10PM -0400, Steve Grubb wrote:
> > On Friday, March 14, 2014 03:00:20 PM Matthew Garrett wrote:
> > > If there's a default policy that would make sense for most workstation
> > > users, we should just make that the default.
> >
> > Right now there is just one policy. In there future there could be
> > several. I could see a server specific, workstation specific, virt
> > specific, PCI, USGCB, STIG, common criteria, etc.
>
> Having separate server, workstation and cloud products means we can
> apply separate defaults without requiring user interaction. Beyond that,
> why would an end user want to choose common criteria during an
> interactive install? Isn't that something that should be imposed on them
> by their local admin?
Yes, and I believe the kick start would do that. I would also even see a case
where an admin takes the base policy and tailors it with site specific settings
and puts that into effect instead of the default one we provide. I like the
idea of choice.
-Steve
More information about the devel
mailing list