make sysctl_user_max_user_namespaces enforcing in RHEL9 OSPP
Resolves: rhbz#2083716
This commit is contained in:
parent
ac5b9ee8a7
commit
3c0a847089
@ -0,0 +1,27 @@
|
||||
From b18adf58035b2c2ce1d4259bccb52d364bf7a6a0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Fri, 1 Jul 2022 15:22:03 +0200
|
||||
Subject: [PATCH] Enforce rule sysctl_user_max_user_namespaces in RHEL 9 OSPP
|
||||
|
||||
Removal of the role and severity attributes will cause that
|
||||
the rule will start to be evaluated and remediation will
|
||||
actually disable the user namespaces on the target system.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2083716
|
||||
---
|
||||
products/rhel9/profiles/ospp.profile | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
|
||||
index 1fad0031749..136bb163646 100644
|
||||
--- a/products/rhel9/profiles/ospp.profile
|
||||
+++ b/products/rhel9/profiles/ospp.profile
|
||||
@@ -135,8 +135,6 @@ selections:
|
||||
- sysctl_kernel_yama_ptrace_scope
|
||||
- sysctl_kernel_perf_event_paranoid
|
||||
- sysctl_user_max_user_namespaces
|
||||
- - sysctl_user_max_user_namespaces.role=unscored
|
||||
- - sysctl_user_max_user_namespaces.severity=info
|
||||
- sysctl_kernel_unprivileged_bpf_disabled
|
||||
- sysctl_net_core_bpf_jit_harden
|
||||
- service_kdump_disabled
|
@ -27,6 +27,7 @@ Requires: xml-common, openscap-scanner >= 1.2.5
|
||||
Patch0: scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch
|
||||
Patch1: scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
|
||||
Patch2: scap-security-guide-0.1.63-drop_zipl_vsyscall_argument-PR_9083.patch
|
||||
Patch3: scap-security-guide-0.1.63-sysctl_user_max_user_namespaces_enforce_in_ospp-PR_9084.patch
|
||||
|
||||
%description
|
||||
The scap-security-guide project provides a guide for configuration of the
|
||||
@ -106,6 +107,7 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
|
||||
- Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
|
||||
- Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
|
||||
- Drop zipl_vsyscall_argument rule from RHEL9 OSPP profile (RHBZ#2060049)
|
||||
- make sysctl_user_max_user_namespaces in RHEL9 OSPP (RHBZ#2083716)
|
||||
|
||||
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
|
||||
- Rebase to a new upstream release (RHBZ#2070563)
|
||||
|
Loading…
Reference in New Issue
Block a user