Is your feature request related to a problem? Please describe.
AMIGen7's current configuration of cloud-init cause the default-user to be created with the SELinux user-context, unconfined_u. With newer security guidelines applied, this context will make it so that the default-user cannot actually escalate privileges, as needed, due to a bad, combined SELinux label – seen when doing sudo -i as:
$ sudo -i
sudo: unconfined_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 is not a valid context
Describe the solution you'd like
Change the default-user's SELinux user-context to staff_u
Is your feature request related to a problem? Please describe.
AMIGen7's current configuration of
cloud-initcause the default-user to be created with the SELinux user-context,unconfined_u. With newer security guidelines applied, this context will make it so that the default-user cannot actually escalate privileges, as needed, due to a bad, combined SELinux label – seen when doingsudo -ias:Describe the solution you'd like
Change the default-user's SELinux user-context to
staff_uDescribe alternatives you've considered
Additional context