Skip to content

Add rules to configure zIPL#5784

Merged
jan-cerny merged 5 commits intoComplianceAsCode:masterfrom
yuumasato:zipl_rules
Jun 3, 2020
Merged

Add rules to configure zIPL#5784
jan-cerny merged 5 commits intoComplianceAsCode:masterfrom
yuumasato:zipl_rules

Conversation

@yuumasato
Copy link
Copy Markdown
Member

@yuumasato yuumasato commented May 25, 2020
edited
Loading

Description:

  • Add bootloader-zip group
  • Add few rules for kernel options in zIPL
    • Ensure audit=1 is set
    • Ensure audit_backlog_limit=8192 is set
    • Ensure selinux=0 is not set

@openshift-ci-robot
Copy link
Copy Markdown
Collaborator

openshift-ci-robot commented May 25, 2020

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Used by openshift-ci bot. label May 25, 2020
dahaic
dahaic reviewed May 25, 2020
View reviewed changes
Comment thread linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml Outdated
@yuumasato yuumasato marked this pull request as ready for review May 26, 2020 13:30
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label May 26, 2020
ggbecker
ggbecker reviewed May 27, 2020
View reviewed changes
Comment thread linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml Outdated
@JAORMX
Copy link
Copy Markdown
Contributor

JAORMX commented May 27, 2020

/retest

@JAORMX
Copy link
Copy Markdown
Contributor

JAORMX commented May 27, 2020

/ok-to-test

@openshift-ci-robot openshift-ci-robot added the ok-to-test Used by openshift-ci bot. label May 27, 2020
@JAORMX
Copy link
Copy Markdown
Contributor

JAORMX commented May 27, 2020

/test all

@JAORMX
Copy link
Copy Markdown
Contributor

JAORMX commented May 27, 2020

/retest

yuumasato added 2 commits May 28, 2020 16:12
@yuumasato
Add zIPL rule for early audit capability
13c11b5
@yuumasato
Add few more zIPL kernel option rules
221979b 
Add rules for following options:
- audit_backlog_limit
- selinux
- audit_backlog_limit
- enable_selinux
- page_poison
- pti
- slub_debug
- vsyscall
@yuumasato yuumasato requested a review from dahaic May 28, 2020 14:17
@yuumasato yuumasato mentioned this pull request Jun 1, 2020
Merged
@yuumasato
Fix formatting of zIPL rules
a45ba0e 
<pre> is renderend in a separate line, while <tt> is rendered inline.
Add line breaks for better readability.
jan-cerny
jan-cerny requested changes Jun 3, 2020
View reviewed changes
Comment thread linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml Outdated
@jan-cerny jan-cerny self-assigned this Jun 3, 2020
@jan-cerny jan-cerny added this to the 0.1.51 milestone Jun 3, 2020
@jan-cerny jan-cerny merged commit f00677a into ComplianceAsCode:master Jun 3, 2020
@yuumasato yuumasato deleted the zipl_rules branch June 3, 2020 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggbecker ggbecker ggbecker left review comments

@jan-cerny jan-cerny jan-cerny approved these changes

@dahaic dahaic Awaiting requested review from dahaic

Assignees

@jan-cerny jan-cerny

Labels

ok-to-test Used by openshift-ci bot.

Projects

None yet

Milestone

0.1.51

Development

Successfully merging this pull request may close these issues.

6 participants

@yuumasato @openshift-ci-robot @JAORMX @dahaic @jan-cerny @ggbecker