    • Feature Request
    • Resolution: Duplicate
    • platform-installer

      Problem Description

      During the installation of Containerized AAP 2.5 my customer encountered an issue because noexec was set for /home, according to standards from the German Government Agency for IT-Security.

      It would improve the installation experience if we had a preflight check or a hardening note, as discussed with lbenedit1@redhat.com:

      https://redhat-internal.slack.com/archives/C0696FT8NBE/p1750758675324209

      This is the error they faced:

      : automation-controller-task.service: Scheduled restart job, restart counter is at 5.
      : Stopped Podman automation-controller-task.service.
      : automation-controller-task.service: Start request repeated too quickly.
      : automation-controller-task.service: Failed with result 'exit-code'.
      : Failed to start Podman automation-controller-task.service.

      Supporting documentation

      We currently document three other directories that can't have noexec:

      https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/hardening_and_compliance/hardening-aap

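
A sketch of the kind of preflight check requested above, added here as an example; it is not code from the AAP installer. It assumes absolute, symlink-free paths and a mount table in /proc/mounts format; the function names and the PREFLIGHT_MOUNTS variable are hypothetical.

```shell
#!/bin/sh
# Added example (not installer code): detect noexec on the mount holding a path.
# Mount table format: device mountpoint fstype options dump pass.
# Assumes absolute paths without symlinks or escaped spaces (\040).

# Constructed sample table: /home hardened with noexec, as in the report.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/rhel-root / xfs rw,relatime 0 0
/dev/mapper/rhel-home /home xfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# Print the options of the mount covering path $1, read from table $2
# (default /proc/mounts). The longest mount point wins; on a tie the
# later entry wins because it is mounted on top.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # Match on path-component boundaries only:
            # /home covers /home/aap but not /homework.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { if (opts != "") print opts }
    ' "${2:-/proc/mounts}"
}

# Return 0 when the covering mount carries noexec, 1 otherwise.
has_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 1 if any listed directory sits on a noexec mount.
# PREFLIGHT_MOUNTS (hypothetical) substitutes a table for testing.
preflight_noexec() {
    rc=0
    for dir in "$@"; do
        if has_noexec "$dir" "${PREFLIGHT_MOUNTS:-/proc/mounts}"; then
            echo "FAIL: $dir is on a noexec mount" >&2
            rc=1
        fi
    done
    return $rc
}
```

Sourced before an install, `preflight_noexec "$HOME"` would flag the condition in this report up front instead of leaving it to surface as a systemd restart loop.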

              dysilva Dylan Silva
              rhn-support-ebeckerb Etienne Becker-Bergemann