Bug 1658007
| Summary: | Warn admin that daemons/services after change in system crypto policy have to be restarted | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | crypto-policies | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.0 | CC: | nmavrogi, omoris |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | crypto-policies-20181217-1.git9a35207.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-13 23:08:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Huzaifa S. Sidhpurwala
2018-12-11 02:38:01 UTC
I'd say something like the following message would be more appropriate: Note: System-wide crypto policies are applied on service startup. It is recommended to restart the system for the change of policies to fully take place. Ondrej, would you give qa_ack+? I would just prefer not to advise system restart but rather restarting "all services using the system-wide crypto policies" only (or both). Recommending system update just reminds me other operating system... but I am OK with any message. Acceptance Criteria: * When crypto-policy level is changed, warning message advising system/service restart is shown. The problem with telling the user to restart system services is that we cannot know what all the system services that have to be restarted are. There also might be services that are not easily restartable (i.e. dbus, user session, ... although these are probably not affected currently by crypto policies). We can try to describe the situation in the manual page. On the other hand changing the system-wide crypto policy level is operation that normally should not be performed more times than just after (or during) the system installation so I do not think this is a too big issue. Maybe the warning message should ask the admin to restart services and mention "please refer the man page for more details" But we will not answer the logical question "which services" there either. Successfully verified. NEW (crypto-policies-20181217-1.git9a35207.el8) =============================================== # update-crypto-policies --set DEFAULT Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. I agree that we cannot be more specific about what services or applications should be restarted. (In reply to Ondrej Moriš from comment #7) > Successfully verified. > > NEW (crypto-policies-20181217-1.git9a35207.el8) > =============================================== > # update-crypto-policies --set DEFAULT > Setting system policy to DEFAULT > Note: System-wide crypto policies are applied on application start-up. > It is recommended to restart the system for the change of policies > to fully take place. > > I agree that we cannot be more specific about what services or applications > should be restarted. +1. Thank you for the quick turnaround time! |