Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-88303

[Epic]: fix: add default seccomp filters for el9/10 [rhel-9]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • [Epic]: fix: add default seccomp filters for el9/10 [rhel-9]
    • Low
    • Red Hat Enterprise Linux
    • 0% To Do, 0% In Progress, 100% Done
    • rhel-system-roles
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Dev ack

      This is a clone of issue RHEL-88297 to use for version rhel-9.7

      Original description:
      Cause: The timesync role is replacing the default `OPTIONS=` setting for chronyd with `""` upon every role run.

      Consequence: This removes the default `OPTIONS="-F 2"` setting on EL9 and EL10 which weakens the security of chronyd.

      Fix: Add `-F 2` as the default setting for `OPTIONS` in EL9 and EL10. Ensure that the user can override this setting if necessary, and ensure that this setting can co-exist with other `OPTIONS` settings that may be set by the user.

      Result: The timesync role applies the correct security settings on every platform and allows the user to override/extend these settings.

      Fixes #278

              rmeggins@redhat.com Richard Megginson
              rmeggins@redhat.com Richard Megginson
              Richard Megginson Richard Megginson
              David Jez David Jez
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: