On Wed, 2004-07-28 at 08:26, James Laska wrote: > Would it make better sense to stuff this into firstboot to shorten the > number of installer screens? I'm not sure what the rule is in terms of > what goes into anaconda versus what goes into firstboot. Should > anaconda be concerned *only* with packages, while firstboot deals > strictly with post-install configuration (adding users, firewall, clock, > addition package sources (yum, up2date)? Might be the case that this is > a larger issue to be discussed at a later date. I've been wanting to see this for a long time. Ideally, anaconda would install a completely locked down system and then the firewall screen in firstboot could be used to back things off a bit. The more code we can move out of anaconda and into config tools, the more we can remove duplicate code. On the other hand, most of this code has been in anaconda a long time and doesn't need much maintenance. > > -jlaska > > On Wed, 2004-07-28 at 05:35 -0400, Paul Nasrat wrote: > > There are quite a few requests for service by name/service description for > > s-c-securitylevel: > > > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128541 > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124161 > > > > There is also this related thread here: > > > > https://listman.redhat.com/archives/fedora-test-list/2004-July/msg00551.html > > > > I thought I'd throw a couple of thoughts up for discussion. > > > > Earlier anaconda would pass a service name + :tcp to lokkit, I'm reluctant to add that back for s-c-securitylevel as it's not quite correct. > > > > Would an add/remove rather than textbox for additional services make better > > sense? In which case should we have a predefined list of more well known > > services, with addition of custom ports (possibly with descriptive text or > > just showing both port and service name from /etc/services). I think an add/remove dialog would be much less prone to error than typing in port:protocol entries in a text box. The thing that bothers me is what to present in firstboot. system-config-securitylevel's UI gets pulled into firstboot in reconfig mode, and in that case asking people questions about which ports they want to open right after they boot their machine for the first time is probably a little confusing. Also, I know that dwalsh is working on putting some SELinux bits into s-c-securitylevel. I don't know how that will affect the overall UI but that's something to think about too. --Brent > > > > I wonder if we will want to have better "service definition" for service publishing via howl. > > > > Paul > > > > -- Fedora-config-list mailing list Fedora-config-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-config-list