3.3.3. Partition Mounting Weakness (unix-partition-mounting-weakness)
One or more of the system's partitions are mounted without certain hardening options enabled. While this is not a definite vulnerability
on its own, system security may be improved by employing hardening techniques.
The specific way to modify the partition mount options varies from system to system. Consult your operating system's manual or mount
This is detected for both RHVM and RHVH version 4.2
Moving to 4.3.2 not being identified as blocker for 4.3.1
This should be ok after applying DISA STIG profile to RHV-H.
The DISA STIG profile only adds the 'nosuid' option to /home, no other options for other partitions. So only applying the DISA STIG profile while installing RHVH probably can't get this bug solved.
Created attachment 1540576
mount option added when DISA STIG profile is selected
Re-targeting to 4.3.5 being more than STIG which we are currently targeting.
RHV-H does not have multiple users, and if you can access the host, already having the root user, there are no non-root privileged users that can leverage those mount option weaknesses.
That said, we are now STIG compliant so the suggestion here is to deploy RHV-H with STIG profile.
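Added example, not part of the bug report or of any comment above: a small audit that parses mount data in `/proc/mounts` format and reports which hardening options are missing per mount point, so the scanner finding can be reproduced on the host itself. The policy table, the device names and the sample data are assumptions constructed for illustration; only the `nosuid`-on-`/home` entry reflects what the thread reports.

```python
import re

# Assumed policy (not from the scanner or the DISA STIG profile): options
# expected on each mount point. Adjust to the baseline you audit against.
POLICY = {
    "/home": {"nosuid", "nodev"},
    "/tmp": {"nosuid", "nodev", "noexec"},
    "/var/tmp": {"nosuid", "nodev", "noexec"},
    "/dev/shm": {"nosuid", "nodev", "noexec"},
}

# Constructed sample in /proc/mounts format; /home carries only nosuid,
# as the thread reports for the STIG profile.
SAMPLE = """\
/dev/mapper/rhvh-root / ext4 rw,relatime 0 0
/dev/mapper/rhvh-home /home ext4 rw,nosuid,relatime 0 0
/dev/mapper/rhvh-tmp /tmp ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry shadows an earlier one."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mounts[_unescape(parts[1])] = set(parts[3].split(","))
    return mounts

def audit(text, policy=POLICY):
    """Return {mount_point: missing options, or None if not a separate mount}."""
    mounts = parse_mounts(text)
    findings = {}
    for point, wanted in policy.items():
        if point not in mounts:
            findings[point] = None
        elif wanted - mounts[point]:
            findings[point] = sorted(wanted - mounts[point])
    return findings

if __name__ == "__main__":
    for point, missing in audit(SAMPLE).items():
        print(point, "not a separate mount" if missing is None else "missing " + ",".join(missing))
```

On a live host, pass the contents of `/proc/mounts` to `audit()` instead of `SAMPLE`.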