-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow and use UUIDs for mount options and point remedations #12273
Comments
This is a major problem, NOT an enhancement. It is causing systems to become unbootable and enter emergency mode (which is locked out per another STIG) after this STIG is applied if disks are attached or detached. This is also in violation of Red Hat's guidance, because they warn that using /dev/sdX is NOT persistent. This completely overwrites the UUID if fstab contains a UUID. |
Agreed, this is a bug. I have removed the enhancement, label. From my quick testing it appears that this only affects the bash remediation, not the Ansible. So for the time being it might better to use those. |
Share the context
RHEL (and other distros) by default use UUIDs to identify partitions and disks
/etc/fstab
this allows the system to be resilient and able to adapt to change if the devices are plugged into the system in a different order than when the system was installed.Description of problem:
When our content adds mount options like
nodev
we replace the UUID with the device id of something like/dev/sda
. This makes the system less resilient to change.Proposed change:
Our remediation use
UUID="..."
vs/dev/sdX
for remediation of mount points and mount options.We can use files
/dev/disk/by-uuid/
and similar to better help us figure what UUIDs to use in our remedations.The text was updated successfully, but these errors were encountered: