From 27395799f0e70aa67e443bc4ddb3b6bfd7590508 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Tue, 29 Nov 2016 14:44:17 -0600 Subject: [PATCH] [Docs] Exception for SELinux user confinement This patch adds an exception for SELinux user confinement since it's not possible to determine admin and non-admin users within the security role itself. Implements: blueprint security-rhel7-stig Change-Id: Ifbcc88c3b8f862bead7710140234678f7287ec09 --- doc/metadata/rhel7/RHEL-07-020090.rst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/metadata/rhel7/RHEL-07-020090.rst b/doc/metadata/rhel7/RHEL-07-020090.rst index 4a676845..a69c8342 100644 --- a/doc/metadata/rhel7/RHEL-07-020090.rst +++ b/doc/metadata/rhel7/RHEL-07-020090.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-020090 -status: not implemented -tag: misc +status: exception - manual intervention +tag: auth --- -This STIG requirement is not yet implemented. +The tasks in the security role cannot determine the access levels of individual +users. + +Deployers are strongly encouraged to configure SELinux user confinement on +compatible systems using ``semanage login``. Refer to the +`Confining Existing Linux Users`_ documentation from Red Hat for detailed +information and command line examples. + +.. _Confining Existing Linux Users: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html
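Review bot: In the second added paragraph, "compatible systems" is left undefined, so a deployer reading this note cannot tell whether the exception applies to their host. State what makes a system compatible (for example, that SELinux is installed and enabled) or name the distributions. The first added paragraph says the tasks cannot determine the access levels of individual users but gives no way to inspect the current state; a sentence pointing at ``semanage login -l`` to list the existing login mappings would make the manual step auditable. The commit message explains the status change but not the move from ``tag: misc`` to ``tag: auth``, which is worth a line there.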