Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workaround package_nfs-utils_removed issue on bootable containers #12871

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Workaround package_nfs-utils_removed issue on bootable containers #12871

wants to merge 1 commit into from
+14 −0

Conversation

matusmarhefka
Copy link
Member

The rule is affected by https://issues.redhat.com/browse/RHEL-74244 which causes that RHEL 10 bootable container hardened with STIG profile fails to build. Therefore, until this issue is resolved, we will have a special RHEL 10 only remediation which workarounds the problem on bootable containers.

@matusmarhefka
Workaround package_nfs-utils_removed issue on bootable containers
53fe0bd 
The rule is affected by https://issues.redhat.com/browse/RHEL-74244
which causes that RHEL 10 bootable container hardened with STIG profile
fails to build. Therefore, until this issue is resolved, we will have
a special RHEL 10 only remediation which workarounds the problem on
bootable containers.
@matusmarhefka matusmarhefka added RHEL10 Red Hat Enterprise Linux 10 product related. Image Mode Bootable containers and Image Mode RHEL labels Jan 22, 2025
@matusmarhefka matusmarhefka added this to the 0.1.76 milestone Jan 22, 2025
@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 22, 2025

Code Climate has analyzed commit 53fe0bd and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

@matusmarhefka matusmarhefka mentioned this pull request Jan 22, 2025
Open
@jan-cerny jan-cerny self-assigned this Jan 23, 2025
jan-cerny
jan-cerny requested changes Jan 23, 2025
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, this doesn't work. The oscap-im still tries to remove nfs-utils, therefore, the build fails. There is a mix of reasons for that.

Firstly, the rule package_nfs-utils-removed still contains the bootc style remediation. You need to add a back end turn off:

--- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
@@ -40,3 +40,5 @@ template:
     name: package_removed
     vars:
         pkgname: nfs-utils
+    backends:
+        bootc: "off"

Second, the nfs-utils is removed as a dependency of gssproxy which is removed because the removal of gssproxy is requested by rule package_gssproxy_removed. See the output of dnf from oscap-im run after we solved the first point.

Removing:
 gssproxy                 x86_64  0.9.2-8.el10         @System                                  269 k
Removing dependent packages:
 beakerlib                noarch  1.31.3-1.el10_0      @epel                                    442 k
 beakerlib-redhat         noarch  1-35.el9             @beaker-harness                           22 k
 nfs-utils                x86_64  1:2.8.2-0.el10       @System                                  1.3 M

I think you will need to handle the gssproxy similar way and also turn off the back end for the template in the rule package_gssproxy_removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@jan-cerny jan-cerny

Labels
Image Mode Bootable containers and Image Mode RHEL RHEL10 Red Hat Enterprise Linux 10 product related.
Projects
None yet
Milestone
0.1.76
Development

Successfully merging this pull request may close these issues.
2 participants
@matusmarhefka @jan-cerny