Change platform for rules related to partitions

linux_os/guide/system/permissions/partitions/group.yml

@@ -7,3 +7,5 @@ description: |-
     that limit what files on those partitions can do. These options
     are set in the <tt>/etc/fstab</tt> configuration file, and can be
     used to make certain types of malicious behavior more difficult.
+
+platform: not container and not bootc

linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml

@@ -28,7 +28,7 @@ references:
     stigid@ol8: OL08-00-010572
     stigid@rhel8: RHEL-08-010572
 
-platform: machine and uefi
+platform: uefi
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml

@@ -22,7 +22,6 @@ identifiers:
     cce@rhel8: CCE-83345-9
 
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml

@@ -31,7 +31,6 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml

@@ -24,7 +24,6 @@ identifiers:
     cce@sle12: CCE-91541-3
     cce@sle15: CCE-91234-5
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml

@@ -33,7 +33,6 @@ references:
     stigid@ol8: OL08-00-010571
     stigid@rhel8: RHEL-08-010571
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml

@@ -44,7 +44,6 @@ references:
     stigid@ol8: OL08-00-040120
     stigid@rhel8: RHEL-08-040120
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml

@@ -46,7 +46,6 @@ references:
     stigid@ol8: OL08-00-040122
     stigid@rhel8: RHEL-08-040122
 
-platform: machine
 
 fixtext: |-
     {{{ fixtext_mount_option("/dev/shm", "noexec") }}}

linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml

@@ -44,7 +44,6 @@ references:
     stigid@ol8: OL08-00-040121
     stigid@rhel8: RHEL-08-040121
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_home_grpquota/rule.yml

@@ -48,13 +48,12 @@ warnings:
 {{% endif %}}
 
 {{% if "ol" in product %}}
-platform: machine
 template:
     name: mount_option_home
     vars:
         mountoption: grpquota
 {{% else %}}
-platform: machine and mount[home]
+platform: mount[home]
 template:
     name: mount_option
     vars:

linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml

@@ -36,7 +36,7 @@ references:
     disa: CCI-001764
     srg: SRG-OS-000368-GPOS-00154
 
-platform: machine and mount[home]
+platform: mount[home]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml

@@ -29,7 +29,6 @@ references:
     stigid@ol8: OL08-00-010590
     stigid@rhel8: RHEL-08-010590
 
-platform: machine
 
 {{{ complete_ocil_entry_mount_option("/home", "noexec") }}}
 

linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml

@@ -49,14 +49,13 @@ fixtext: |-
 srg_requirement: '{{{ srg_requirement_mount_option("/home", "nosuid") }}}'
 
 {{% if "ol" not in product %}}
-platform: machine and mount[home]
+platform: mount[home]
 template:
     name: mount_option
     vars:
         mountpoint: /home
         mountoption: nosuid
 {{% else %}}
-platform: machine
 warnings:
     - functionality: |-
         OVAL looks for partitions whose mount point is a substring of any interactive user's home

linux_os/guide/system/permissions/partitions/mount_option_home_usrquota/rule.yml

@@ -48,13 +48,12 @@ warnings:
 {{% endif %}}
 
 {{% if "ol" in product %}}
-platform: machine
 template:
     name: mount_option_home
     vars:
         mountoption: usrquota
 {{% else %}}
-platform: machine and mount[home]
+platform: mount[home]
 template:
     name: mount_option
     vars:

linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml

@@ -47,7 +47,6 @@ references:
     stigid@ol8: OL08-00-010580
     stigid@rhel8: RHEL-08-010580
 
-platform: machine
 
 fixtext: |-
     Configure the "/etc/fstab" to use the "nodev" option on all non-root local partitions.

linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml

@@ -44,7 +44,6 @@ references:
     stigid@ol8: OL08-00-010600
     stigid@rhel8: RHEL-08-010600
 
-platform: machine
 
 ocil_clause: 'a file system found in "/etc/fstab" refers to removable media and it does not have the "nodev" option set'
 

linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml

@@ -54,7 +54,6 @@ fixtext: |-
 
 srg_requirement: '{{{ full_name }}} must prevent code from being executed on file systems that are used with removable media.'
 
-platform: machine
 
 template:
     name: mount_option_removable_partitions

linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml

@@ -47,7 +47,6 @@ references:
     stigid@sle12: SLES-12-010800
     stigid@sle15: SLES-15-040150
 
-platform: machine
 
 ocil_clause: 'file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set'
 

linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml

@@ -25,7 +25,7 @@ identifiers:
     cce@sle12: CCE-91584-3
     cce@sle15: CCE-91270-9
 
-platform: machine and mount[opt]
+platform: mount[opt]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml

@@ -39,7 +39,6 @@ identifiers:
     cce@rhel9: CCE-85883-7
 
 
-platform: machine
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml

@@ -25,7 +25,7 @@ identifiers:
     cce@sle12: CCE-91585-0
     cce@sle15: CCE-91271-7
 
-platform: machine and mount[srv]
+platform: mount[srv]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml

@@ -43,7 +43,7 @@ references:
     stigid@ol8: OL08-00-040123
     stigid@rhel8: RHEL-08-040123
 
-platform: machine and mount[tmp]
+platform: mount[tmp]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml

@@ -42,7 +42,7 @@ references:
     stigid@ol8: OL08-00-040125
     stigid@rhel8: RHEL-08-040125
 
-platform: machine and mount[tmp]
+platform: mount[tmp]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml

@@ -43,7 +43,7 @@ references:
     stigid@ol8: OL08-00-040124
     stigid@rhel8: RHEL-08-040124
 
-platform: machine and mount[tmp]
+platform: mount[tmp]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml

@@ -34,7 +34,7 @@ references:
     stigid@ol8: OL08-00-040129
     stigid@rhel8: RHEL-08-040129
 
-platform: machine and mount[var-log-audit]
+platform: mount[var-log-audit]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml

@@ -32,7 +32,7 @@ references:
     stigid@ol8: OL08-00-040131
     stigid@rhel8: RHEL-08-040131
 
-platform: machine and mount[var-log-audit]
+platform: mount[var-log-audit]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml

@@ -33,7 +33,7 @@ references:
     stigid@ol8: OL08-00-040130
     stigid@rhel8: RHEL-08-040130
 
-platform: machine and mount[var-log-audit]
+platform: mount[var-log-audit]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml

@@ -34,7 +34,7 @@ references:
     stigid@ol8: OL08-00-040126
     stigid@rhel8: RHEL-08-040126
 
-platform: machine and mount[var-log]
+platform: mount[var-log]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml

@@ -34,7 +34,7 @@ references:
     stigid@ol8: OL08-00-040128
     stigid@rhel8: RHEL-08-040128
 
-platform: machine and mount[var-log]
+platform: mount[var-log]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml

@@ -35,7 +35,7 @@ references:
     stigid@ol8: OL08-00-040127
     stigid@rhel8: RHEL-08-040127
 
-platform: machine and mount[var-log]
+platform: mount[var-log]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml

@@ -32,7 +32,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
 
-platform: machine and mount[var]
+platform: mount[var]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml

@@ -23,7 +23,7 @@ identifiers:
     cce@sle12: CCE-91590-0
     cce@sle15: CCE-91276-6
 
-platform: machine and mount[var]
+platform: mount[var]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml

@@ -26,7 +26,7 @@ references:
 
 severity: medium
 
-platform: machine and mount[var]
+platform: mount[var]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml

@@ -27,4 +27,4 @@ references:
     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
     nist-csf: PR.IP-1,PR.PT-3
 
-platform: machine and mount[var-tmp]
+platform: mount[var-tmp]

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml

@@ -36,8 +36,7 @@ references:
     stigid@ol8: OL08-00-040132
     stigid@rhel8: RHEL-08-040132
 
-platforms:
-  - machine and mount[var-tmp]
+platform: mount[var-tmp]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml

@@ -36,7 +36,7 @@ references:
     stigid@ol8: OL08-00-040134
     stigid@rhel8: RHEL-08-040134
 
-platform: machine and mount[var-tmp]
+platform: mount[var-tmp]
 
 template:
     name: mount_option

linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml

@@ -36,7 +36,7 @@ references:
     stigid@ol8: OL08-00-040133
     stigid@rhel8: RHEL-08-040133
 
-platform: machine and mount[var-tmp]
+platform: mount[var-tmp]
 
 template:
     name: mount_option

linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml

@@ -101,7 +101,6 @@ ocil: |-
     The boot partition and pseudo-file systems, such as /proc, /sys, and tmpfs,
     are not required to use disk encryption and are not a finding.
 
-platform: machine
 
 fixtext: |-
     Configure {{{ full_name }}} to prevent unauthorized modification of all information at rest by using disk encryption.

linux_os/guide/system/software/disk_partitioning/group.yml

@@ -25,3 +25,5 @@ description: |-
     scheme was used, it is possible but nontrivial to
     modify it to create separate logical volumes for the directories
     listed above. The Logical Volume Manager (LVM) makes this possible.
+
+platform: not container and not bootc

linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml

@@ -16,7 +16,6 @@ rationale: |-
 
 severity: medium
 
-platform: machine
 
 identifiers:
     cce@rhel8: CCE-83336-8

linux_os/guide/system/software/disk_partitioning/partition_for_dev_shm/rule.yml

@@ -35,7 +35,6 @@ references:
 
 fixtext: '{{{ fixtext_separate_partition(part="/dev/shm") }}}'
 
-platform: machine
 
 warnings:
 - general: |-

linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml

@@ -52,7 +52,6 @@ fixtext: |-
 
 srg_requirement: 'A separate {{{ full_name }}} filesystem must be used for user home directories (such as /home or an equivalent).'
 
-platform: machine
 
 template:
     name: mount

linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml

@@ -15,7 +15,6 @@ rationale: |-
 
 severity: medium
 
-platform: machine
 
 identifiers:
     cce@rhel8: CCE-83340-0

linux_os/guide/system/software/disk_partitioning/partition_for_srv/rule.yml

@@ -17,7 +17,6 @@ rationale: |-
 
 severity: unknown
 
-platform: machine
 
 
 identifiers:

linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml

@@ -45,7 +45,6 @@ fixtext: '{{{ fixtext_separate_partition(part="/tmp") }}}'
 
 srg_requirement: '{{{ srg_requirement_separate_partition("/tmp") }}}'
 
-platform: machine
 
 template:
     name: mount