Closed joseivanlopez closed 1 year ago
OK, only when seeing this PR do I understand the purpose of scopes in https://github.com/yast/yast-security/pull/131: so that a YaST module can run only the relevant part of the security policy which it can configure.
LGTM, except the dependencies:
This depends on yast/yast-security#131 and it should be expressed as an RPM dependency.
We can't do a `Require` on yast2-security because that would make a circular dependency, but this should work: `Conflicts: yast2-security < 4.4.15`
Actually it does not conflict. Policy issues are not shown in that case.
:heavy_check_mark: Internal Jenkins job #8 successfully finished :heavy_check_mark: Created IBS submit request #283941
Problem
YaST installer is now able to validate whether a setup fulfills the installation requirements of the DISA STIG security policy, see https://github.com/yast/yast-security/pull/128. Some of those checks affect the storage setup. But neither Guided Setup nor Expert Partitioner are performing checks for the enabled security policy.
Solution
Perform policy checks and show issues in both the storage proposal dialog and the Expert Partitioner. Note that a policy can be enabled by default with the `YAST_SECURITY_POLICY` boot parameter, for example `YAST_SECURITY_POLICY=stig`.
NOTE: this will be merged after https://github.com/yast/yast-security/pull/128.
Testing
Screenshots