From 01b1ade0e5713bf3f11f78cc0ca7e43f74eb8a46 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 2 Feb 2021 01:02:48 +0100
Subject: [PATCH 1/2] Drop remediation for sysctl_kernel_modules_disabled
Remediating this during kickstart install time renders the machine
unbootable.
---
.../restrictions/sysctl_kernel_modules_disabled/rule.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
index 1811c43815..34e8290f74 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
@@ -32,3 +32,6 @@ template:
sysctlvar: kernel.modules_disabled
sysctlval: '1'
datatype: int
+ backends:
+ # Automated remediation of this rule disrupts installs via kickstart
+ bash: 'off'
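Review bot: Only the Bash backend is switched off under `backends:`, so any other remediation the sysctl template generates for this rule stays enabled. If the template's Ansible remediation persists `kernel.modules_disabled = 1` in the same way (the template is not visible here, so this is an assumption), applying it before the first boot could presumably cause the same failure. Either add `ansible: 'off'` next to `bash: 'off'`, or extend the comment to say why the remaining backends are safe to keep. The `template:` block starts above this hunk.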
From 77eeafd1af1445a185651c77b143bce0004badda Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 2 Feb 2021 09:23:17 +0100
Subject: [PATCH 2/2] Add warning why rule has no remediation
Rule sysctl_kernel_modules_disabled disrupts the install and boot
process if remediated during installation.
---
.../restrictions/sysctl_kernel_modules_disabled/rule.yml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
index 34e8290f74..438cd2759e 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
@@ -26,6 +26,11 @@ references:
platform: machine
+warnings:
+ - general:
+ This rule doesn't come with Bash remediation.
+ Remediating this rule during the installation process disrupts the install and boot process.
+
template:
name: sysctl
vars:
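Review bot: The new `warnings:` entry says the Bash remediation is absent but not what an administrator should do instead, so a scan will keep reporting the rule as failing with no guidance on closing the gap. Consider adding a sentence such as `Set kernel.modules_disabled to 1 manually after installation, once the system has booted and all required modules are loaded.` The first sentence would also read more precisely as `This rule does not ship a Bash remediation.`, which keeps it distinct from any other remediation backends the rule may still generate. The `template:` block continues past the end of this hunk.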
@@ -33,5 +38,5 @@ template:
sysctlval: '1'
datatype: int
backends:
- # Automated remediation of this rule disrupts installs via kickstart
+ # Automated remediation of this rule during installations disrupts the first boot
bash: 'off'