From 5567276691f0ecdf8d873ff8f1afd76f00191ea6 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Fri, 25 Oct 2024 11:29:28 -0500 Subject: [PATCH 1/3] Add dynamic_uid_min and dynamic_uid_max to product properties --- product_properties/10-ids.yml | 2 ++ tests/data/product_stability/alinux2.yml | 2 ++ tests/data/product_stability/alinux3.yml | 2 ++ tests/data/product_stability/anolis23.yml | 2 ++ tests/data/product_stability/anolis8.yml | 2 ++ tests/data/product_stability/chromium.yml | 2 ++ tests/data/product_stability/debian11.yml | 2 ++ tests/data/product_stability/debian12.yml | 2 ++ tests/data/product_stability/eks.yml | 2 ++ tests/data/product_stability/example.yml | 2 ++ tests/data/product_stability/fedora.yml | 2 ++ tests/data/product_stability/firefox.yml | 2 ++ tests/data/product_stability/macos1015.yml | 2 ++ tests/data/product_stability/ocp4.yml | 2 ++ tests/data/product_stability/ol7.yml | 2 ++ tests/data/product_stability/ol8.yml | 2 ++ tests/data/product_stability/ol9.yml | 2 ++ tests/data/product_stability/openembedded.yml | 2 ++ tests/data/product_stability/opensuse.yml | 2 ++ tests/data/product_stability/rhcos4.yml | 2 ++ tests/data/product_stability/rhel8.yml | 2 ++ tests/data/product_stability/rhel9.yml | 2 ++ tests/data/product_stability/rhv4.yml | 2 ++ tests/data/product_stability/sle12.yml | 2 ++ tests/data/product_stability/sle15.yml | 2 ++ tests/data/product_stability/ubuntu1604.yml | 2 ++ tests/data/product_stability/ubuntu1804.yml | 2 ++ tests/data/product_stability/ubuntu2004.yml | 2 ++ tests/data/product_stability/ubuntu2204.yml | 2 ++ 29 files changed, 58 insertions(+) diff --git a/product_properties/10-ids.yml b/product_properties/10-ids.yml index 0b4a80763b5..44876f1f32e 100644 --- a/product_properties/10-ids.yml +++ b/product_properties/10-ids.yml @@ -5,3 +5,5 @@ default: nobody_gid: 65534 nobody_uid: 65534 auid: 1000 + dynamic_uid_min: 61184 + dynamic_uid_max: 65519 
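Review bot: The two new defaults in `product_properties/10-ids.yml` have no comment saying what range they describe or where the numbers come from. 61184–65519 matches the range systemd documents for `DynamicUser=` allocations, but systemd fixes that range at build time, so a product whose systemd uses other bounds would need an override in its own product file. I would add a comment above the keys, for example `# systemd DynamicUser= UID range (inclusive); override per product if the distribution builds systemd with other bounds`. Because the values sit under `default:`, they also reach products that are not systemd hosts (the stability data for firefox, chromium and macos1015 picks them up). That looks harmless only as long as every rule consuming them is Linux-specific.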
diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index 39d49e6b72f..1d0d21086e4 100644 --- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -16,6 +16,8 @@ cpes: title: Alibaba Cloud Linux 2 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Alibaba Cloud Linux 2 gid_min: 1000 diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index cde45fb3c1a..b9911b65b23 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -16,6 +16,8 @@ cpes: title: Alibaba Cloud Linux 3 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Alibaba Cloud Linux 3 gid_min: 1000 diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml index 01edaa2bfc1..5d075e1dbae 100644 --- a/tests/data/product_stability/anolis23.yml +++ b/tests/data/product_stability/anolis23.yml @@ -16,6 +16,8 @@ cpes: title: Anolis OS 23 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Anolis OS 23 gid_min: 1000 diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index dd0abda59d4..1234155c677 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -16,6 +16,8 @@ cpes: title: Anolis OS 8 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Anolis OS 8 gid_min: 1000 diff --git a/tests/data/product_stability/chromium.yml b/tests/data/product_stability/chromium.yml index 259552fbfe2..988756f6b2a 100644 
--- a/tests/data/product_stability/chromium.yml +++ b/tests/data/product_stability/chromium.yml @@ -16,6 +16,8 @@ cpes: title: Google Chromium Browser cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Chromium gid_min: 1000 diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index 4c8d64ee576..781766106c0 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml @@ -16,6 +16,8 @@ cpes: title: Debian Linux 11 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml index 102330d6e2b..e255f44fdda 100644 --- a/tests/data/product_stability/debian12.yml +++ b/tests/data/product_stability/debian12.yml @@ -16,6 +16,8 @@ cpes: title: Debian Linux 12 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 135023ebf43..8d5d75abbaa 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml @@ -24,6 +24,8 @@ cpes: title: Amazon Elastic Kubernetes Service 1.21 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Amazon Elastic Kubernetes Service gid_min: 1000 diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml index f20e554e6de..d57b09f6bc8 100644 --- a/tests/data/product_stability/example.yml +++ b/tests/data/product_stability/example.yml 
@@ -17,6 +17,8 @@ cpes: title: Example cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Example gid_min: 1000 diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml index 214cf9a8abf..6e90589886b 100644 --- a/tests/data/product_stability/fedora.yml +++ b/tests/data/product_stability/fedora.yml @@ -41,6 +41,8 @@ cpes: title: Fedora 39 cpes_root: ../../shared/applicability dconf_gdm_dir: distro.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Fedora future_pkg_release: 62f2920f diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml index 562f3c85a88..d34ed55f33b 100644 --- a/tests/data/product_stability/firefox.yml +++ b/tests/data/product_stability/firefox.yml @@ -16,6 +16,8 @@ cpes: title: Mozilla Firefox cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Firefox gid_min: 1000 diff --git a/tests/data/product_stability/macos1015.yml b/tests/data/product_stability/macos1015.yml index 0124fed6df5..c5be4ce23ef 100644 --- a/tests/data/product_stability/macos1015.yml +++ b/tests/data/product_stability/macos1015.yml @@ -16,6 +16,8 @@ cpes: title: Apple macOS 10.15 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Apple macOS 10.15 gid_min: 1000 diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml index 75c8888648a..fabaf419733 100644 --- a/tests/data/product_stability/ocp4.yml +++ b/tests/data/product_stability/ocp4.yml 
@@ -100,6 +100,8 @@ cpes: title: Red Hat OpenShift Container Platform 4 on SDN cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Red Hat OpenShift Container Platform 4 gid_min: 1000 diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml index 617a8f908cc..6540a69e646 100644 --- a/tests/data/product_stability/ol7.yml +++ b/tests/data/product_stability/ol7.yml @@ -16,6 +16,8 @@ cpes: title: Oracle Linux 7 cpes_root: ../../shared/applicability dconf_gdm_dir: local.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - rhel-like diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml index 955a324cc73..3de5d9a3218 100644 --- a/tests/data/product_stability/ol8.yml +++ b/tests/data/product_stability/ol8.yml @@ -16,6 +16,8 @@ cpes: title: Oracle Linux 8 cpes_root: ../../shared/applicability dconf_gdm_dir: local.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/log/faillock families: - rhel-like diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml index 34985b56c43..54f95e16db5 100644 --- a/tests/data/product_stability/ol9.yml +++ b/tests/data/product_stability/ol9.yml @@ -19,6 +19,8 @@ cpes: title: Oracle Linux 9 cpes_root: ../../shared/applicability dconf_gdm_dir: local.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/log/faillock families: - rhel-like diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml index 72e643c41ed..c94f79d4c41 100644 --- a/tests/data/product_stability/openembedded.yml +++ b/tests/data/product_stability/openembedded.yml 
@@ -28,6 +28,8 @@ cpes: title: OpenEmbedded Harden distribution cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: OpenEmbedded gid_min: 1000 diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml index c7214c7d51a..bd26608bfcd 100644 --- a/tests/data/product_stability/opensuse.yml +++ b/tests/data/product_stability/opensuse.yml @@ -28,6 +28,8 @@ cpes: title: openSUSE Leap 15.0 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: openSUSE gid_min: 1000 diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml index 4f242c6f2f8..aabfed5ee07 100644 --- a/tests/data/product_stability/rhcos4.yml +++ b/tests/data/product_stability/rhcos4.yml @@ -16,6 +16,8 @@ cpes: title: Red Hat Enterprise Linux CoreOS 4 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Red Hat Enterprise Linux CoreOS 4 gid_min: 1000 diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml index a3647a9df47..be505770304 100644 --- a/tests/data/product_stability/rhel8.yml +++ b/tests/data/product_stability/rhel8.yml @@ -67,6 +67,8 @@ cpes: title: Red Hat Enterprise Linux 8.10 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/log/faillock families: - rhel diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml index e9e0fe03b58..839bc42a030 100644 --- a/tests/data/product_stability/rhel9.yml +++ b/tests/data/product_stability/rhel9.yml 
@@ -23,6 +23,8 @@ cpes: title: Red Hat Enterprise Linux 9 cpes_root: ../../shared/applicability dconf_gdm_dir: distro.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/log/faillock families: - rhel diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml index 59f81d865f7..1d023d03201 100644 --- a/tests/data/product_stability/rhv4.yml +++ b/tests/data/product_stability/rhv4.yml @@ -23,6 +23,8 @@ cpes: title: Red Hat Virtualization 4 Manager cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock full_name: Red Hat Virtualization 4 gid_min: 1000 diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml index db5526ea7b1..870ac6482da 100644 --- a/tests/data/product_stability/sle12.yml +++ b/tests/data/product_stability/sle12.yml @@ -20,6 +20,8 @@ cpes: title: SUSE Linux Enterprise Desktop 12 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - suse diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml index 7a82d1a09b5..fb226b17f5c 100644 --- a/tests/data/product_stability/sle15.yml +++ b/tests/data/product_stability/sle15.yml @@ -20,6 +20,8 @@ cpes: title: SUSE Linux Enterprise Desktop 15 cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - suse diff --git a/tests/data/product_stability/ubuntu1604.yml b/tests/data/product_stability/ubuntu1604.yml index 954a108c7c1..2344c8c9c1c 100644 --- a/tests/data/product_stability/ubuntu1604.yml +++ b/tests/data/product_stability/ubuntu1604.yml 
@@ -16,6 +16,8 @@ cpes: title: Ubuntu release 16.04 (Xenial) cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian-like diff --git a/tests/data/product_stability/ubuntu1804.yml b/tests/data/product_stability/ubuntu1804.yml index f5159a1cb5c..af370ed71d9 100644 --- a/tests/data/product_stability/ubuntu1804.yml +++ b/tests/data/product_stability/ubuntu1804.yml @@ -16,6 +16,8 @@ cpes: title: Ubuntu release 18.04 (Bionic Beaver) cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian-like diff --git a/tests/data/product_stability/ubuntu2004.yml b/tests/data/product_stability/ubuntu2004.yml index 088f9c35b03..e57f894ba94 100644 --- a/tests/data/product_stability/ubuntu2004.yml +++ b/tests/data/product_stability/ubuntu2004.yml @@ -17,6 +17,8 @@ cpes: title: Ubuntu release 20.04 (Focal Fossa) cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian-like diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml index f4a4c1e8000..bbaec5bf6c4 100644 --- a/tests/data/product_stability/ubuntu2204.yml +++ b/tests/data/product_stability/ubuntu2204.yml @@ -17,6 +17,8 @@ cpes: title: Ubuntu release 22.04 (Jammy Jellyfish) cpes_root: ../../shared/applicability dconf_gdm_dir: gdm.d +dynamic_uid_max: 65519 +dynamic_uid_min: 61184 faillock_path: /var/run/faillock families: - debian-like From 3940f0d286ba167aa98ef9d588fee302236f2f49 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Fri, 25 Oct 2024 11:30:29 -0500 Subject: [PATCH 2/3] Skip dynamic uids in account accounts_user_interactive_home_directory_defined --- .../ansible/shared.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml index 5ecdb3cc0bb..99a6e4231ef 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml @@ -22,4 +22,5 @@ when: - item.value[2]|int >= {{{ uid_min }}} - item.value[2]|int != {{{ nobody_uid }}} + - item.value[2]|int < {{{ dynamic_uid_min }}} or item.value[2]|int > {{{ dynamic_uid_min }}} - not item.value[4] | regex_search('^\/\w*\/\w{1,}') From 708fc4193827025400e99d8365a1fcb588d7ed61 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Thu, 31 Oct 2024 08:34:33 -0500 Subject: [PATCH 3/3] Update linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml Co-authored-by: vojtapolasek --- .../ansible/shared.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml index 99a6e4231ef..eee817b7c1b 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/ansible/shared.yml 
@@ -22,5 +22,5 @@ when: - item.value[2]|int >= {{{ uid_min }}} - item.value[2]|int != {{{ nobody_uid }}} - - item.value[2]|int < {{{ dynamic_uid_min }}} or item.value[2]|int > {{{ dynamic_uid_min }}} + - item.value[2]|int < {{{ dynamic_uid_min }}} or item.value[2]|int > {{{ dynamic_uid_max }}} - not item.value[4] | regex_search('^\/\w*\/\w{1,}')
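Review bot: The final `when` entry skips every account whose ID falls in the inclusive range `dynamic_uid_min`–`dynamic_uid_max` on the number alone, so a statically created login account that happens to carry an ID in that range would no longer be remediated by this task. A comment on the line would make the intent auditable, for example `# skip the systemd dynamic-user range; those accounts are allocated at service start and are not interactive logins`. The series changes only the Ansible remediation, so if the rule's check and its other remediations (not visible here) lack the same exclusion, scan results and remediation will disagree for these accounts. The task body starts outside the hunk, and the new test reuses `item.value[2]`; if the loop iterates `getent_passwd` facts, index 2 would be the primary GID rather than the UID, which is worth confirming.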