[Docs] Exception for SELinux user confinement

This patch adds an exception for SELinux user confinement since it's not
possible to determine admin and non-admin users within the security role
itself.

Implements: blueprint security-rhel7-stig
Change-Id: Ifbcc88c3b8f862bead7710140234678f7287ec09
Major Hayden
2016-11-29 14:44:17 -06:00
parent 04ff6e1c89
commit 27395799f0


@@ -1,7 +1,15 @@
---
id: RHEL-07-020090
status: not implemented
tag: misc
status: exception - manual intervention
tag: auth
---
This STIG requirement is not yet implemented.
The tasks in the security role cannot determine the access levels of individual
users.
Deployers are strongly encouraged to configure SELinux user confinement on
compatible systems using ``semanage login``. Refer to the
`Confining Existing Linux Users`_ documentation from Red Hat for detailed
information and command line examples.
.. _Confining Existing Linux Users: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html
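
Review bot: The new exception text tells deployers to use ``semanage login`` but never says what RHEL-07-020090 expects or how to check the current state, so the page is only actionable after following the external Red Hat link. Consider adding one sentence that summarizes the requirement and mentions ``semanage login -l`` for listing the existing login mappings before changing them. The reason given in "cannot determine the access levels of individual users" would also read more clearly if it said that this is why the role cannot choose which SELinux user each Linux account should be mapped to.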