Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Select enable_dracut_fips_module in RHEL 9 ISM_O profile #12859

Merged
merged 1 commit into from
Jan 20, 2025
Merged

Select enable_dracut_fips_module in RHEL 9 ISM_O profile #12859

merged 1 commit into from
Jan 20, 2025

Conversation

matusmarhefka
Copy link
Member

As RHEL 9 ISM_O profile enables FIPS mode (selects rules enable_fips_mode and configure_crypto_policy with var_system_crypto_policy=fips) it also needs to select the rule enable_dracut_fips_module.

This issue was not discovered before because on normal systems the fips-mode-setup (called in enable_fips_mode rule remediation) ensures the installation of the FIPS dracut module. But in RHEL Image Mode the fips-mode-setup is not used and so the FIPS dracut module needs to be enabled by remediation of the enable_dracut_fips_module rule.

@matusmarhefka
Select enable_dracut_fips_module in RHEL 9 ISM_O profile
cf56fe4 
As RHEL 9 ISM_O profile enables FIPS mode (selects rules
`enable_fips_mode` and `configure_crypto_policy` with
`var_system_crypto_policy=fips`) it also needs to select
the rule `enable_dracut_fips_module`.

This issue was not discovered before because on normal systems
the `fips-mode-setup` (called in `enable_fips_mode` rule remediation)
ensures the installation of the FIPS dracut module. But in RHEL Image
Mode the `fips-mode-setup` is not used and so the FIPS dracut module
needs to be enabled by remediation of the `enable_dracut_fips_module`
rule.
@matusmarhefka matusmarhefka added the Image Mode Bootable containers and Image Mode RHEL label Jan 20, 2025
@matusmarhefka matusmarhefka added this to the 0.1.76 milestone Jan 20, 2025
@matusmarhefka matusmarhefka requested a review from a team as a code owner January 20, 2025 15:02
@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 20, 2025

Code Climate has analyzed commit cf56fe4 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Jan 20, 2025
Mab879
Mab879 approved these changes Jan 20, 2025
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@Mab879 Mab879 merged commit 59afeb5 into ComplianceAsCode:master Jan 20, 2025
109 checks passed
@matusmarhefka matusmarhefka deleted the ism_dracut_fips branch January 21, 2025 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
Image Mode Bootable containers and Image Mode RHEL
Projects
None yet
Milestone
0.1.76
Development

Successfully merging this pull request may close these issues.
2 participants
@matusmarhefka @Mab879