RHCOS4 STIG: Cover the controls that relate to NIST SC #10742
Conversation
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
/test help |
|
@jhrozek: The specified target(s) for
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-aws-rhcos4-stig |
|
/test e2e-aws-rhcos4-stig |
2 similar comments
|
/test e2e-aws-rhcos4-stig |
|
/test e2e-aws-rhcos4-stig |
...s/guide/system/permissions/restrictions/poisoning/coreos_slub_debug_kernel_argument/rule.yml
Outdated
Show resolved
Hide resolved
linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
Outdated
Show resolved
Hide resolved
|
/test e2e-aws-rhcos4-stig |
|
/test e2e-aws-rhcos4-stig |
|
Code Climate has analyzed commit 572a1c8 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 53.5% (0.0% change). View more on Code Climate. |
|
CI succeeded, merging |
Description:
(OpenShift must set the sticky bit for world-writable directories.). For some reason, this
control does not pass on default OCP and the directories that are world-writable but don't
have a sticky bit set are typically in the pod mounts or rpm-ostree. I don't think there
is much we can do except either remove that control or mark it as does not meet - but
we can't have an automated check for it at the moment.
Rationale:
Review Hints: