From 8bcd3d44e2b33538a982614a0e22e92232fe030a Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Tue, 14 Jan 2025 14:11:40 +0100
Subject: [PATCH] rhel9 stig_gui: add rule back, it stays informational and does no harm
---
 products/rhel9/profiles/stig_gui.profile | 4 ----
 tests/data/profile_stability/rhel9/stig_gui.profile | 3 +++
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/products/rhel9/profiles/stig_gui.profile b/products/rhel9/profiles/stig_gui.profile
index 507cd07cb32..586e1d99bcb 100644
--- a/products/rhel9/profiles/stig_gui.profile
+++ b/products/rhel9/profiles/stig_gui.profile
@@ -43,9 +43,5 @@ selections: # RHEL-09-215025 - '!package_nfs-utils_removed' - # RHEL-09-213105 - # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese - # https://issues.redhat.com/browse/RHEL-10416 - '!sysctl_user_max_user_namespaces' # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant - '!logind_session_timeout'
diff --git a/tests/data/profile_stability/rhel9/stig_gui.profile b/tests/data/profile_stability/rhel9/stig_gui.profile
index 872ec1fb054..a9ad1759c9d 100644
--- a/tests/data/profile_stability/rhel9/stig_gui.profile
+++ b/tests/data/profile_stability/rhel9/stig_gui.profile
@@ -515,6 +515,9 @@ selections:
 - sysctl_net_ipv6_conf_default_accept_ra
 - sysctl_net_ipv6_conf_default_accept_redirects
 - sysctl_net_ipv6_conf_default_accept_source_route
+- sysctl_user_max_user_namespaces
+- sysctl_user_max_user_namespaces.role=unscored
+- sysctl_user_max_user_namespaces.severity=info
 - usbguard_generate_policy
 - use_pam_wheel_for_su
 - wireless_disable_interfaces
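Review bot: After the `'!sysctl_user_max_user_namespaces'` deselection is removed from `products/rhel9/profiles/stig_gui.profile`, that file no longer records that RHEL-09-213105 is selected on GUI systems only as an informational rule, and the reason for treating it specially (limiting user namespaces breaks Firefox and Cheese, RHEL-10416) is deleted with the comment. The `role=unscored` and `severity=info` values pinned in the stability data are not set anywhere in this patch, so they presumably come from the profile that stig_gui extends; the stability file is then the only visible guard against a later change there turning this into an enforced sysctl on desktops. I would leave a short comment where the block was removed, e.g. `# RHEL-09-213105: sysctl_user_max_user_namespaces stays selected but unscored/info here; enforcing it breaks Firefox and Cheese (RHEL-10416)`. The selections list continues outside both hunks, so where the refinement is actually defined should be confirmed against the full profile.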