This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rhel9 stig: make rule sysctl_user_max_user_namespaces not scored and informational

The rule can conflict with some services which use the Systemd PrivateUsers feature, such as irqbalance.
Therefore, we do not enforce the rule and it is kept there as informational only.
vojtapolasek committed Jan 14, 2025
1 parent af4b1c4 commit bd7e63b
Showing 2 changed files with 5 additions and 0 deletions.
3 changes: 3 additions & 0 deletions products/rhel9/profiles/stig.profile
@@ -28,3 +28,6 @@ selections:
- stig_rhel9:all
# Following rules once had a prodtype incompatible with the rhel9 product
- '!audit_rules_immutable_login_uids'
# the following rule causes problems with irqbalance which is present in default RHEL 9 installation, therefore it is not enforced
- sysctl_user_max_user_namespaces.role=unscored
- sysctl_user_max_user_namespaces.severity=info
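Review bot: The comment above the two added refinements names only irqbalance, while the commit message gives the underlying cause as services that use the Systemd PrivateUsers feature. Stating that cause in the comment would tell a later maintainer which other services are affected and when the override can be dropped. Because the rule stays selected through `stig_rhel9:all` but now carries `role=unscored` and `severity=info`, the setting no longer counts in a scan of this profile, so the deviation is worth recording in the profile's description as well as in this inline comment.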
2 changes: 2 additions & 0 deletions tests/data/profile_stability/rhel9/stig.profile
@@ -506,6 +506,8 @@ selections:
- sysctl_net_ipv6_conf_default_accept_redirects
- sysctl_net_ipv6_conf_default_accept_source_route
- sysctl_user_max_user_namespaces
- sysctl_user_max_user_namespaces.role=unscored
- sysctl_user_max_user_namespaces.severity=info
- usbguard_generate_policy
- use_pam_wheel_for_su
- wireless_disable_interfaces
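Review bot: Only this profile's stability data gains the two refinement lines after `- sysctl_user_max_user_namespaces`, and the commit touches just 2 files. If any other profile extends the rhel9 stig profile, it inherits the same `role=unscored` and `severity=info` refinements, and its expected-selections file would need the same two entries to keep matching. Please confirm that no such file was missed.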
