Merge pull request ComplianceAsCode#12824 from vojtapolasek/stig_make…

…_user_namespaces_not_scored

RHEL 9 STIG: make sysctl_user_max_user_namespaces not scored and informational

products/rhel9/profiles/stig.profile

@@ -28,3 +28,6 @@ selections:
   - stig_rhel9:all
   # Following rules once had a prodtype incompatible with the rhel9 product
   - '!audit_rules_immutable_login_uids'
+# the following rule causes problems with irqbalance which is present in default RHEL 9 installation, therefore it is not enforced
+  - sysctl_user_max_user_namespaces.role=unscored
+  - sysctl_user_max_user_namespaces.severity=info

products/rhel9/profiles/stig_gui.profile

@@ -43,9 +43,5 @@ selections:
     # RHEL-09-215025
     - '!package_nfs-utils_removed'
 
-    # RHEL-09-213105
-    # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese
-    # https://issues.redhat.com/browse/RHEL-10416
-    - '!sysctl_user_max_user_namespaces'
     # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant
     - '!logind_session_timeout'

tests/data/profile_stability/rhel9/stig.profile

@@ -506,6 +506,8 @@ selections:
 - sysctl_net_ipv6_conf_default_accept_redirects
 - sysctl_net_ipv6_conf_default_accept_source_route
 - sysctl_user_max_user_namespaces
+- sysctl_user_max_user_namespaces.role=unscored
+- sysctl_user_max_user_namespaces.severity=info
 - usbguard_generate_policy
 - use_pam_wheel_for_su
 - wireless_disable_interfaces

tests/data/profile_stability/rhel9/stig_gui.profile

@@ -515,6 +515,9 @@ selections:
 - sysctl_net_ipv6_conf_default_accept_ra
 - sysctl_net_ipv6_conf_default_accept_redirects
 - sysctl_net_ipv6_conf_default_accept_source_route
+- sysctl_user_max_user_namespaces
+- sysctl_user_max_user_namespaces.role=unscored
+- sysctl_user_max_user_namespaces.severity=info
 - usbguard_generate_policy
 - use_pam_wheel_for_su
 - wireless_disable_interfaces