Hide Forgot
After systemwide crypto policies are updated, all daemons and services which follow the policy need to be restarted. It would be nice to show an info, message on policy-update to remind admins to do the same. Something like: [huzaifas@babylon ~]$ sudo update-crypto-policies --set FUTURE Setting system policy to FUTURE Note: Please restart all services using the system-wide crypto policies for effect to take place.
I'd say something like the following message would be more appropriate: Note: System-wide crypto policies are applied on service startup. It is recommended to restart the system for the change of policies to fully take place. Ondrej, would you give qa_ack+?
I would just prefer not to advise system restart but rather restarting "all services using the system-wide crypto policies" only (or both). Recommending system update just reminds me other operating system... but I am OK with any message. Acceptance Criteria: * When crypto-policy level is changed, warning message advising system/service restart is shown.
The problem with telling the user to restart system services is that we cannot know what all the system services that have to be restarted are. There also might be services that are not easily restartable (i.e. dbus, user session, ... although these are probably not affected currently by crypto policies). We can try to describe the situation in the manual page. On the other hand changing the system-wide crypto policy level is operation that normally should not be performed more times than just after (or during) the system installation so I do not think this is a too big issue.
Maybe the warning message should ask the admin to restart services and mention "please refer the man page for more details"
But we will not answer the logical question "which services" there either.
Successfully verified. NEW (crypto-policies-20181217-1.git9a35207.el8) =============================================== # update-crypto-policies --set DEFAULT Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. I agree that we cannot be more specific about what services or applications should be restarted.
(In reply to Ondrej Moriš from comment #7) > Successfully verified. > > NEW (crypto-policies-20181217-1.git9a35207.el8) > =============================================== > # update-crypto-policies --set DEFAULT > Setting system policy to DEFAULT > Note: System-wide crypto policies are applied on application start-up. > It is recommended to restart the system for the change of policies > to fully take place. > > I agree that we cannot be more specific about what services or applications > should be restarted. +1. Thank you for the quick turnaround time!