RHEL 9 must disable the use of user namespaces.

STIG ID: RHEL-09-213105  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257816

Vulnerability Discussion

User namespaces are used primarily for Linux containers. The value "0" disallows the use of user namespaces.

Check

Verify RHEL 9 disables the use of user namespaces with the following commands:

$ sudo sysctl user.max_user_namespaces

user.max_user_namespaces = 0

If the returned line does not have a value of "0", or a line is not returned, this is a finding.

Check that the configuration files are present to enable this kernel parameter.

$ sudo /usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F user.max_user_namespaces | tail -1
user.max_user_namespaces = 0

If the network parameter "user.max_user_namespaces" is not equal to "0", or nothing is returned, this is a finding.

If the use of namespaces is operationally required and documented with the information system security manager (ISSM), this is not a finding.

Fix

Configure RHEL 9 to disable the use of user namespaces by adding the following line to a file, in the "/etc/sysctl.d" directory:

user.max_user_namespaces = 0

The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

$ sudo sysctl --system