From 36d4e0224e07d88313869be34b82f2b9c9d0dc30 Mon Sep 17 00:00:00 2001
From: Ana Custura <ana@sr2.uk>
Date: Tue, 16 Jan 2024 21:49:38 +0000
Subject: [PATCH] Workaround for
 https://github.com/dev-sec/ansible-collection-hardening/issues/723

---
 ansible-zammad/inventory/group_vars/all.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ansible-zammad/inventory/group_vars/all.yml b/ansible-zammad/inventory/group_vars/all.yml
index f9e0d132fc..70ba4ca92d 100644
--- a/ansible-zammad/inventory/group_vars/all.yml
+++ b/ansible-zammad/inventory/group_vars/all.yml
@@ -40,5 +40,7 @@ zammad_letsencrypt_email: abel@guardianproject.info
 monitoring_letsencrypt_email: abel@guardianproject.info
 sysctl_overwrite:
   net.ipv4.ip_forward: 1
+sysctl_unsupported_entries:
+  - kernel.unprivileged_userns_clone
 os_filesystem_whitelist:  # os_hardening is meant to detect when EFI is in use, but doesn't https://github.com/dev-sec/ansible-collection-hardening/issues/288
   - vfat