Added variable os_immutable_fs to oshardening #669
Conversation
…able filesystems, in particular ostree systems. Updated oshardening/README.md to reflect this Signed-off-by: James Miller <[email protected]>
|
woot! I think this might work. I made all the changes you request, hope its ok. |
|
superseeds #666 |
|
I am totally new to molecule, but need to learn it to write tests for my roles. I am guessing that coreos or similar needs to be added to the list of distros and a conditional check in molecule when testing os_immutable_fs... Molecule for the next week or so for me, until I can write tests for my own projects, and then I can see if I can make sense of this ... |
Signed-off-by: James Miller <[email protected]>
|
I just added a check that was missing from my initial commit, which I didn't pick up on until I used the os_immutable_fs branch in my code. |
Signed-off-by: James Miller <[email protected]>
|
I stopped development for a couple of years and returned to it. I need the os_immutable_fs changes to be able to use devsec hardening with a coreos machine. |
|
Please hold this pull request for the time being. I have found a recentish (last 2 years) addition where os_immutable_fs logic needs to be applied. Will have it ready by tomorrow and continue testing. |
…sks to allow both roles to work with redhat and fedora immutable filesystem os's - next step to add support for ubuntu core
…sks to allow both roles to work with redhat and fedora immutable filesystem os's
…-collection-hardening into os_immutable_fs
to compensate for immutable filesystems, in particular ostree systems. Updated oshardening/README.md to reflect this
Signed-off-by: James Miller [email protected]