28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
From b18adf58035b2c2ce1d4259bccb52d364bf7a6a0 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
Date: Fri, 1 Jul 2022 15:22:03 +0200
|
|
Subject: [PATCH] Enforce rule sysctl_user_max_user_namespaces in RHEL 9 OSPP
|
|
|
|
Removal of the role and severity attributes will cause that
|
|
the rule will start to be evaluated and remediation will
|
|
actually disable the user namespaces on the target system.
|
|
|
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2083716
|
|
---
|
|
products/rhel9/profiles/ospp.profile | 2 --
|
|
1 file changed, 2 deletions(-)
|
|
|
|
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
|
|
index 1fad0031749..136bb163646 100644
|
|
--- a/products/rhel9/profiles/ospp.profile
|
|
+++ b/products/rhel9/profiles/ospp.profile
|
|
@@ -135,8 +135,6 @@ selections:
|
|
- sysctl_kernel_yama_ptrace_scope
|
|
- sysctl_kernel_perf_event_paranoid
|
|
- sysctl_user_max_user_namespaces
|
|
- - sysctl_user_max_user_namespaces.role=unscored
|
|
- - sysctl_user_max_user_namespaces.severity=info
|
|
- sysctl_kernel_unprivileged_bpf_disabled
|
|
- sysctl_net_core_bpf_jit_harden
|
|
- service_kdump_disabled
|