Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: rhel-system-roles
Labels:
- system_role_timesync

Epic Name:
[Epic]: fix: add default seccomp filters for el9/10
Severity:
Low
Products:

Red Hat Enterprise Linux
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done

AssignedTeam:
rhel-system-roles

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
ACKs Check:

Dev ack

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Cause: The timesync role is replacing the default `OPTIONS=` setting for chronyd with `""` upon every role run.

Consequence: This removes the default `OPTIONS="-F 2"` setting on EL9 and EL10 which weakens the security of chronyd.

Fix: Add `-F 2` as the default setting for `OPTIONS` in EL9 and EL10. Ensure that the user can override this setting if necessary, and ensure that this setting can co-exist with other `OPTIONS` settings that may be set by the user.

Result: The timesync role applies the correct security settings on every platform and allows the user to override/extend these settings.

Fixes #278

links to

link to github issue

Assignee:: Richard Megginson

Reporter:: Richard Megginson

Developer:: Richard Megginson

QA Contact:: David Jez

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2025/04/23 10:26 PM

Updated:: 2025/06/12 1:15 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates