From 3ed7300ef32d49a0b664bb249b2f13bcaf740825 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 21 Mar 2024 16:08:35 +0100
Subject: [PATCH] waive service_sssd_enabled

this rule requires additional manual sssd configuration which can't be attained by our rules in a meaningful way
---
 conf/waivers-upstream | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/conf/waivers-upstream b/conf/waivers-upstream
index 523f4d76..a778b1e0 100644
--- a/conf/waivers-upstream
+++ b/conf/waivers-upstream
@@ -7,6 +7,10 @@
 # so remove the remediation exception + waiver on RHEL-8+
 /hardening/host-os/.+/[^/]+/package_rsync_removed
     rhel == 7
+# the service_sssd_enabled will be failing even if the service is enabled
+# because it requires manual configuration which cannot be attained with our rules
+/hardening/.+/service_sssd_enabled
+    True
 
 # requires running firewalld (firewall-cmd) and NetworkManager,
 # which are not available in their final form in the Anaconda environment