systemd: ignore subpolicy for FIPS crypto policies
Our FIPS check compared the whole policy including subpolicies, as FIPS:OCPP is a valid FIPS policy we should only check the policy. Closes #18062
This commit is contained in:
parent
a1606d1944
commit
99bfebd6cb
|
@ -199,7 +199,7 @@ export const CryptoPolicyStatus = () => {
|
|||
useEffect(() => {
|
||||
if (currentCryptoPolicy === null) {
|
||||
cockpit.file("/etc/crypto-policies/state/current")
|
||||
.watch(content => setCurrentCryptoPolicy(content ? content.trim() : undefined));
|
||||
.watch(content => setCurrentCryptoPolicy(content ? content.trim().split(':', 1)[0] : undefined));
|
||||
}
|
||||
|
||||
cockpit.file("/proc/sys/crypto/fips_enabled").read()
|
||||
|
|
|
@ -947,6 +947,12 @@ password=foobar
|
|||
b.wait_text("#crypto-policy-button", "FIPS")
|
||||
self.assertEqual(m.execute("cat /proc/sys/crypto/fips_enabled").strip(), "1")
|
||||
|
||||
m.execute(cmd + " --set DEFAULT")
|
||||
b.wait_text("#inconsistent_crypto_policy", "Crypto policy is inconsistent")
|
||||
m.execute(cmd + " --set FIPS:OSPP")
|
||||
b.wait_text("#crypto-policy-button", "Fips:ospp")
|
||||
b.wait_not_present("#inconsistent_crypto_policy")
|
||||
|
||||
# Setting via dialog
|
||||
m.execute(cmd + " --set DEFAULT")
|
||||
b.wait_text("#inconsistent_crypto_policy", "Crypto policy is inconsistent")
|
||||
|
|
Loading…
Reference in New Issue