31424a42af
This patch enables the appropriate Linux Security Module (LSM) for the system rather than simply checking it. This brings the role more in line with the STIG requirements and allows it to be used as a more generic role in other non-OpenStack-Ansible deployments. It shouldn't affect OpenStack-Ansible deployments since AppArmor is expected to be running in those deployments. Documentation and release notes are included. Change-Id: Ia017f12be0d60ea74b54396bc8278e4db92295ba
15 lines
478 B
YAML
15 lines
478 B
YAML
---
|
|
features:
|
|
- |
|
|
The Linux Security Module (LSM) that is appropriate for the Linux
|
|
distribution in use will be automatically enabled by the security role by
|
|
default. Deployers can opt out of this change by setting the following
|
|
Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_enable_linux_security_module: False
|
|
|
|
The documentation for STIG V-51337 has more information about how each
|
|
LSM is enabled along with special notes for SELinux.
|