New sysctl fs parameters #8304
New parameter available on kernel > 4.19
I have to investigate why the |
/retest |
@marcusburghardt: The following test failed, say
[jcerny@thinkpad scap-security-guide{pr/8304}]$ python3 tests/test_suite.py rule --libvirt qemu:///system ssgts_rhel9 sysctl_fs_protected_fifos sysctl_fs_protected_regular
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-03-10-1033/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_sysctl_fs_protected_fifos
INFO - Script expected_value.pass.sh using profile (all) OK
INFO - Script missing_parameter.fail.sh using profile (all) OK
INFO - Script unexpected_value.fail.sh using profile (all) OK
[jcerny@thinkpad scap-security-guide{pr/8304}]$ python3 tests/test_suite.py rule --libvirt qemu:///system ssgts_rhel9 sysctl_fs_protected_regular
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-03-10-1035/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_sysctl_fs_protected_regular
INFO - Script expected_value.pass.sh using profile (all) OK
INFO - Script missing_parameter.fail.sh using profile (all) OK
INFO - Script unexpected_value.fail.sh using profile (all) OK
{{% endif %}} | ||
<criteria operator="AND"> | ||
<extend_definition comment="{{{ SYSCTLVAR }}} configuration setting check" definition_ref="sysctl_static_{{{ SYSCTLID }}}" /> | ||
<extend_definition comment="{{{ SYSCTLVAR }}} runtime setting check" definition_ref="sysctl_runtime_{{{ SYSCTLID }}}" /> | ||
<extend_definition comment="{{{ SYSCTLVAR }}} configuration setting check" |
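Review bot: keep the `extend_definition` for the configuration setting check on one line, as in the two `extend_definition` lines directly above it; the last line of this hunk ends right after the `comment` attribute, so the rest of the element has been pushed onto continuation lines. If line wrapping is the only difference from the existing `definition_ref="sysctl_static_{{{ SYSCTLID }}}"` element, revert it so the template diff carries only what the new fs rules need.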
We usually don't do changes just because of formatting or whitespace.
Since kernel 4.19, new parameters were introduced to permit better access control to regular files and FIFOs.
This PR adds two new rules for these parameters.
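The sketch below is an added example, not code from this PR or from the project. It applies the same logic as the template's `criteria operator="AND"`: a sysctl passes only when both the configuration file value and the runtime value match. The expected value `2`, the single-directory layout, the file name `99-sample.conf` and all function names are assumptions, and the three cases are constructed inputs named after the test scripts in the log above.

```shell
#!/bin/sh
# Added example: static AND runtime check for one sysctl.
# Simplification (assumption): one directory of *.conf files read in
# lexical order, last assignment wins.

# Print the last value assigned to KEY ($1) in CONF_DIR ($2), empty if none.
static_value() {
    for f in "$2"/*.conf; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk -F= -v k="$1" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $2; gsub(/[ \t]/, "", v) }
        END { print v }'
}

# Print the live value of KEY ($1) under PROC_ROOT ($2, normally /proc/sys).
runtime_value() {
    path="$2/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# check_sysctl KEY EXPECTED CONF_DIR PROC_ROOT: succeed only if both match.
check_sysctl() {
    st=$(static_value "$1" "$3")
    rt=$(runtime_value "$1" "$4")
    [ "$st" = "$2" ] && [ "$rt" = "$2" ]
}

# Constructed tree: $1 = value in the config file ("" = no assignment),
# $2 = value exposed as the runtime setting.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/sysctl.d" "$root/proc/fs"
    echo "# constructed sample" > "$root/sysctl.d/99-sample.conf"
    if [ -n "$1" ]; then
        echo "fs.protected_fifos = $1" >> "$root/sysctl.d/99-sample.conf"
    fi
    echo "$2" > "$root/proc/fs/protected_fifos"
    printf '%s' "$root"
}

# run_case STATIC RUNTIME: print pass or fail against expected value 2.
run_case() {
    tree=$(make_fixture "$1" "$2")
    if check_sysctl fs.protected_fifos 2 "$tree/sysctl.d" "$tree/proc"
    then result=pass; else result=fail; fi
    rm -rf "$tree"
    echo "$result"
}

echo "expected_value:    $(run_case 2 2)"
echo "missing_parameter: $(run_case '' 2)"
echo "unexpected_value:  $(run_case 0 0)"
```

On a real host the same function would be called as `check_sysctl fs.protected_regular 2 /etc/sysctl.d /proc/sys`, keeping in mind that the real sysctl configuration search path spans more than one directory.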