Exclude user nfsnobody when checking home directories

[mildas]

Description:

Filter user nfsnobody on RHEL7 systems.

Rationale:

Similar to #8393 fix

Fixes #8419

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

[ggbecker]

Suggested change

	<unix:username datatype="string" operation="equals">nfsnobody</unix:username>
	<unix:username datatype="string" operation="pattern match">^(nobody|nfsnobody)$</unix:username>

Can't we do something like this and remove the nobody from line 13 and make this filter applicable to all products?

[ggbecker]

nfsnobody shouldn't be expected to be a regular user even in other platforms, even though it should be technically possible

[yuumasato]

We can, but I didn't want other products to have more users excluded than necessary.

[yuumasato]

Hmm, maybe it is fine then.

[mildas]

What is the conclusion? Should add nobody there or not?

[ggbecker]

Let's do the following:

Line 13:
<unix:username datatype="string" operation="pattern match">.*</unix:username>

Then we keep the filter exclude for all platforms but we assign the list of users to a jinja variable (example) according to the product, for example:

rhel7 and ol7 - "nobody|nfsnobody"
other products - "nobody"

then

Suggested change

	<unix:username datatype="string" operation="equals">nfsnobody</unix:username>
	<unix:username datatype="string" operation="pattern match">^({{{ user_list }}})$</unix:username>

[ggbecker]

Apply the above to all rules including rules from: #8393

[yuumasato]

rhel7 and ol7 - "nobody|nfsnobody"
other products - "nobody"

I think we need achors in the regex, like:
^(nobody|nfsnobody)$

Otherwise a user named Anobody would be excluded.

[yuumasato]

Ahh, I see the anchors in the xml now, :)

[mildas]

Where to define the variable with user list? I don't think rule.yml is a good place as it would be basically redundant.

[mildas]

I've put the variable to shared/macros-oval.jinja because I see it related only to OVAL check.