Authselect profile minimal is now called local in RHEL10.

Adjust variables and test scenarios to take this into account. Setting minimal variable to local should make the conversion transparent for users that have selected this in their profiles. RHEL10 profile will select minimal as well and it will translate correctly into local profile which should be the same as minimal. Minimal profile is not even available as deprecated in RHEL10.
ComplianceAsCode · Jan 17, 2025 · f90488b · f90488b
1 parent faae294
commit f90488b
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/...s-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/common.sh b/...s-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/common.sh
@@ -1,6 +1,11 @@
 pam_files=("password-auth" "system-auth")
 
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+# rhel>=10 default profile is now called local
+authselect create-profile testingProfile --base-on local
+{{%- else %}}
 authselect create-profile testingProfile --base-on minimal
+{{%- endif %}}
 
 CUSTOM_PROFILE_DIR="/etc/authselect/custom/testingProfile"
 

diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
@@ -2,6 +2,12 @@
 # packages = authselect,pam
 # remediation = none
 
-authselect select --force minimal
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+# rhel>=10 default profile is now called local
+authselect select local --force
+{{%- else %}}
+authselect select minimal --force
+{{%- endif %}}
+
 rm -f /etc/pam.d/system-auth
 dnf reinstall -y pam
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
@@ -1,4 +1,9 @@
 # platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
 # packages = authselect,pam
 
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+# rhel>=10 default profile is now called local
+authselect select local --force
+{{%- else %}}
 authselect select minimal --force
+{{%- endif %}}
diff --git a/linux_os/guide/system/accounts/var_authselect_profile.var b/linux_os/guide/system/accounts/var_authselect_profile.var
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-title: Authselect  profile
+title: Authselect profile
 
 description: |-
     Specify the authselect profile to select
@@ -12,6 +12,12 @@ operator: equals
 interactive: false
 
 options:
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+    default: local
+    minimal: local
+    local: local
+{{%- else %}}
     default: minimal
     minimal: minimal
+{{%- endif %}}
     sssd: sssd