drop zipl_vsyscall_argument from OSPP profiles

Resolves: rhbz#2060049

scap-security-guide-0.1.63-drop_zipl_vsyscall_argument-PR_9083.patch

@@ -0,0 +1,60 @@
+From b44f64edb4ff2631c7cda02866a07f1eb8888073 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
+Date: Fri, 1 Jul 2022 14:55:53 +0200
+Subject: [PATCH] Remove rule zip_vsyscall_argument
+
+According to
+https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html?highlight=vsyscall
+vsyscall is applicable to X86-64 but ZIPl is used only on
+s390x on RHEL, and likely on other OSes as well.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2060049
+---
+ products/rhel8/profiles/ospp.profile            | 3 ---
+ products/rhel9/profiles/ospp.profile            | 1 -
+ tests/data/profile_stability/rhel8/ospp.profile | 3 ---
+ 3 files changed, 7 deletions(-)
+
+diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
+index e6a0dd75020..235ab3dcfad 100644
+--- a/products/rhel8/profiles/ospp.profile
++++ b/products/rhel8/profiles/ospp.profile
+@@ -437,6 +437,3 @@ selections:
+     - zipl_audit_backlog_limit_argument
+     - zipl_slub_debug_argument
+     - zipl_page_poison_argument
+-    - zipl_vsyscall_argument
+-    - zipl_vsyscall_argument.role=unscored
+-    - zipl_vsyscall_argument.severity=info
+diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
+index 1fad0031749..c5a291d5c69 100644
+--- a/products/rhel9/profiles/ospp.profile
++++ b/products/rhel9/profiles/ospp.profile
+@@ -406,6 +406,5 @@ selections:
+     - zipl_bootmap_is_up_to_date
+     - zipl_audit_argument
+     - zipl_audit_backlog_limit_argument
+-    - zipl_vsyscall_argument
+     - zipl_init_on_alloc_argument
+     - zipl_page_alloc_shuffle_argument
+diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
+index f2a56411e6f..5757acf030e 100644
+--- a/tests/data/profile_stability/rhel8/ospp.profile
++++ b/tests/data/profile_stability/rhel8/ospp.profile
+@@ -233,7 +233,6 @@ selections:
+ - zipl_bootmap_is_up_to_date
+ - zipl_page_poison_argument
+ - zipl_slub_debug_argument
+-- zipl_vsyscall_argument
+ - var_sshd_set_keepalive=0
+ - var_rekey_limit_size=1G
+ - var_rekey_limit_time=1hour
+@@ -265,8 +264,6 @@ selections:
+ - grub2_vsyscall_argument.severity=info
+ - sysctl_user_max_user_namespaces.role=unscored
+ - sysctl_user_max_user_namespaces.severity=info
+-- zipl_vsyscall_argument.role=unscored
+-- zipl_vsyscall_argument.severity=info
+ platforms: !!set {}
+ cpe_names: !!set {}
+ platform: null

scap-security-guide.spec

@@ -26,6 +26,7 @@ Requires:	xml-common, openscap-scanner >= 1.2.5
 
 Patch0:                scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch
 Patch1:                scap-security-guide-0.1.63-audit_access_success_unenforcing-PR_9082.patch
+Patch2:                scap-security-guide-0.1.63-drop_zipl_vsyscall_argument-PR_9083.patch
 
 %description
 The scap-security-guide project provides a guide for configuration of the
@@ -104,6 +105,7 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 * Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2
 - Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
 - Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
+- Drop zipl_vsyscall_argument rule from RHEL9 OSPP profile (RHBZ#2060049)
 
 * Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
 - Rebase to a new upstream release (RHBZ#2070563)