yast / yast-storage-ng

Rewrite of https://github.com/yast/yast-storage
http://yast.github.io/
GNU General Public License v2.0

Security policy checks #1308

Closed joseivanlopez closed 1 year ago

joseivanlopez commented 2 years ago

Problem

The YaST installer is now able to validate whether a setup fulfills the installation requirements of the DISA STIG security policy, see https://github.com/yast/yast-security/pull/128. Some of those checks affect the storage setup. But neither Guided Setup nor Expert Partitioner is performing checks for the enabled security policy.

Solution

Perform policy checks and show issues in both the storage proposal dialog and the Expert Partitioner. Note that a policy can be enabled by default with the YAST_SECURITY_POLICY boot parameter, for example YAST_SECURITY_POLICY=stig.

NOTE: this will be merged after https://github.com/yast/yast-security/pull/128.

Testing

Screenshots

Screenshot from 2022-10-03 16-55-32

Screenshot from 2022-10-03 16-56-13

mvidner commented 2 years ago

OK, only when seeing this PR do I understand the purpose of scopes in https://github.com/yast/yast-security/pull/131: so that a YaST module can run only the relevant part of the security policy which it can configure.

joseivanlopez commented 2 years ago

LGTM, except the dependencies:

This depends on yast/yast-security#131 and it should be expressed as an RPM dependency.

We can't do a Require on yast2-security because that would make a circular dependency, but this should work:

Conflicts: yast2-security < 4.4.15

Actually it does not conflict. Policy issues are not shown in that case.

yast-bot commented 1 year ago

✔️ Internal Jenkins job #8 successfully finished

✔️ Created IBS submit request #283941