From b0a838d6dfa7912dfe7a2acab923ea6e0c096030 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Fri, 1 Mar 2024 13:16:29 +0100 Subject: [PATCH 1/2] update notes of the R36 requirement for ANSSI --- controls/anssi.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/controls/anssi.yml b/controls/anssi.yml index 735e323efd4..07011c7e372 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml @@ -862,7 +862,10 @@ controls: and its group, and a full access to its owner. For services such as systemd, this value can be defined directly in the configuration file of the service with the directive UMask=0027. notes: >- - Currently there is no rule to check and remediate the UMask directive in systemd. + There are cases of Systemd services which would stop working in case umask + would be configured to 0027 for all services. One such example is the + Cups service which needs to create sockets which need to be available for + all users. Therefore, this part of the requirement can't be automated. status: partial rules: - accounts_umask_etc_bashrc From ffceb646be7c008e9265f78f3ac8450fd7c35555 Mon Sep 17 00:00:00 2001 From: vojtapolasek Date: Fri, 1 Mar 2024 14:08:47 +0100 Subject: [PATCH 2/2] Update controls/anssi.yml Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com> --- controls/anssi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controls/anssi.yml b/controls/anssi.yml index 07011c7e372..7f1d8eb711c 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml 
@@ -863,7 +863,7 @@ controls: be defined directly in the configuration file of the service with the directive UMask=0027. notes: >- There are cases of Systemd services which would stop working in case umask - would be configured to 0027 for all services. One such example is the + would be configured to 0027 for all services. One such example is the Cups service which needs to create sockets which need to be available for all users. Therefore, this part of the requirement can't be automated. status: partial
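Review bot: In PATCH 1/2, hunk @@ -862,7 +862,10, the closing sentence "this part of the requirement can't be automated" claims more than the reasoning before it supports. The text only argues that UMask=0027 cannot be applied to all services at once, with Cups as the example. The removed sentence recorded that no rule currently checks or remediates the UMask directive, and that fact is lost. Consider keeping it and saying explicitly that a blanket remediation is unsafe, so that a reader of "status: partial" can tell which part of R36 is left uncovered and why. Style: the description just above writes "systemd" in lowercase, so "Systemd" in the note should match, and "Cups" is normally written "CUPS".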
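Review bot: In PATCH 2/2, hunk @@ -863,7 +863,7, the removed and added lines read identically ("would be configured to 0027 for all services. One such example is the"), so the change appears to be whitespace only. The subject "Update controls/anssi.yml" does not say that. Consider squashing this into PATCH 1/2, or rewording the subject to name the whitespace fix, so the history for controls/anssi.yml stays readable.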