Back to bug 1674001
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Gabriel Gaspar Becker | 2019-02-11 16:16:48 UTC | Status | NEW | CLOSED |
| Resolution | --- | DUPLICATE | ||
| Last Closed | 2019-02-11 16:16:48 UTC | |||
| Gabriel Gaspar Becker | 2019-02-13 08:43:44 UTC | Summary | Required packages from selected security profile are not being added to the kickstart file | Required packages from selected security profile are not being added to the kickstart file during RHEL8 installation in text mode |
| Gabriel Gaspar Becker | 2019-02-13 08:44:59 UTC | Status | CLOSED | NEW |
| Resolution | DUPLICATE | --- | ||
| Keywords | Reopened | |||
| Matěj Týč | 2019-02-14 15:14:22 UTC | Priority | unspecified | medium |
| Severity | medium | high | ||
| Stef Walter | 2019-03-16 07:50:17 UTC | Depends On | 1682523 | |
| Jiri Jaburek | 2019-07-02 15:52:05 UTC | CC | jjaburek | |
| Flags | needinfo?(ggasparb) | |||
| Gabriel Gaspar Becker | 2019-07-03 13:26:02 UTC | Flags | needinfo?(ggasparb) | |
| Jan Černý | 2019-07-22 09:12:11 UTC | CC | jcerny, mjahoda | |
| Doc Text | Cause: OSCAP Anaconda Addon can not modify the list of packages to be installed by the operating system installer if the operating system installation is run in text mode. The installation will run in text mode if the target system does not have any graphical console or the text mode is explicitly requested in kickstart (by using `text` command). Consequence: When a security policy profile is specified in kickstart and the installation is run in text mode, the additional packages required by the security policy are not installed during installation. Workaround (if any): * Run installation in graphical mode. * If running installation in graphical mode is not possible, list all the packages that are required by the security policy profile in the security policy explicitly in `%packages` section in the kickstart. Result: The packages that are required by the security policy profile are not installed during RHEL installation. The installed system is not compliant with the given security policy profile. | |||
| Doc Type | If docs needed, set a value | Known Issue | ||
| Flags | needinfo?(mjahoda) | |||
| Marek Haicman | 2019-09-05 18:45:04 UTC | Summary | Required packages from selected security profile are not being added to the kickstart file during RHEL8 installation in text mode | Text Mode kickstart installation not fully supported by OSCAP anaconda addon |
| Mirek Jahoda | 2019-10-07 14:51:03 UTC | CC | matyc | |
| Docs Contact | mjahoda | |||
| Doc Text | Cause: OSCAP Anaconda Addon can not modify the list of packages to be installed by the operating system installer if the operating system installation is run in text mode. The installation will run in text mode if the target system does not have any graphical console or the text mode is explicitly requested in kickstart (by using `text` command). Consequence: When a security policy profile is specified in kickstart and the installation is run in text mode, the additional packages required by the security policy are not installed during installation. Workaround (if any): * Run installation in graphical mode. * If running installation in graphical mode is not possible, list all the packages that are required by the security policy profile in the security policy explicitly in `%packages` section in the kickstart. Result: The packages that are required by the security policy profile are not installed during RHEL installation. The installed system is not compliant with the given security policy profile. | .`OSCAP Anaconda Addon` does not install all packages in text mode The `OSCAP Anaconda Addon` plugin cannot modify the list of packages selected for installation by the system installer if the installation is running in text mode. Consequently, when a security policy profile is specified using Kickstart and the installation is running in text mode, any additional packages required by the security policy are not installed during installation. To work around this problem, either run the installation in graphical mode or specify all packages that are required by the security policy profile in the security policy in the `%packages` section in your Kickstart file. As a result, packages that are required by the security policy profile are not installed during RHEL installation without one of the described workarounds, and the installed system is not compliant with the given security policy profile. | ||
| Flags | needinfo?(mjahoda) | needinfo?(matyc) | ||
| Matěj Týč | 2019-10-08 15:15:36 UTC | Flags | needinfo?(matyc) | |
| Alexandre C. | 2020-02-26 15:50:25 UTC | CC | alexandre.chanu | |
| Nikos Mavrogiannopoulos | 2020-08-07 11:59:45 UTC | Pool ID | sst_platform_security_rhel_8 | |
| Nikos Mavrogiannopoulos | 2020-08-10 11:46:35 UTC | Pool ID | sst_security_compliance_rhel_8 | |
| Red Hat One Jira (issues.redhat.com) | 2020-10-14 15:48:46 UTC | Link ID | Red Hat Issue Tracker - Private RHELPLAN-50875 | |
| Masahiro Matsuya | 2020-11-17 02:14:54 UTC | CC | mmatsuya | |
| RHEL Program Management | 2020-11-17 02:15:03 UTC | Keywords | Triaged | |
| Jan Stodola | 2020-11-18 14:28:30 UTC | Keywords | TestCaseNeeded | |
| CC | jstodola | |||
| Bill Yodlowsky | 2021-05-28 14:34:25 UTC | CC | hasuzuki | |
| CC | byodlows | |||
| Matěj Týč | 2021-07-09 10:38:29 UTC | Status | NEW | ASSIGNED |
| Matěj Týč | 2021-07-12 11:44:32 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | oscap-anaconda-addon-1.2.0-1.el8 | |||
| Marta Lewandowska | 2021-07-24 11:55:46 UTC | CC | mlewando | |
| errata-xmlrpc | 2021-07-29 13:45:58 UTC | Status | MODIFIED | ON_QA |
| Matěj Týč | 2021-08-04 15:51:40 UTC | Blocks | 1890480 | |
| CC | amepatil | |||
| Matěj Týč | 2021-08-04 15:52:13 UTC | CC | rmetrich | |
| Jan Stodola | 2021-08-05 13:42:42 UTC | Flags | needinfo?(mjahoda) | |
| Matěj Týč | 2021-08-05 14:37:20 UTC | Doc Text | .`OSCAP Anaconda Addon` does not install all packages in text mode The `OSCAP Anaconda Addon` plugin cannot modify the list of packages selected for installation by the system installer if the installation is running in text mode. Consequently, when a security policy profile is specified using Kickstart and the installation is running in text mode, any additional packages required by the security policy are not installed during installation. To work around this problem, either run the installation in graphical mode or specify all packages that are required by the security policy profile in the security policy in the `%packages` section in your Kickstart file. As a result, packages that are required by the security policy profile are not installed during RHEL installation without one of the described workarounds, and the installed system is not compliant with the given security policy profile. | Proposal: .`OSCAP Anaconda Addon` no longer handles text mode incorrectly The addon now performs the same checks regardless of whether the installation is graphical, or if is purely text-based. Rules that require certain partition layout or package installation/removal are evaluated before the installation starts, so those requirements are either resolved automatically, or the installation is aborted if it is impossible to satisfy those conditions without human intervention. Was: .`OSCAP Anaconda Addon` does not install all packages in text mode The `OSCAP Anaconda Addon` plugin cannot modify the list of packages selected for installation by the system installer if the installation is running in text mode. Consequently, when a security policy profile is specified using Kickstart and the installation is running in text mode, any additional packages required by the security policy are not installed during installation. To work around this problem, either run the installation in graphical mode or specify all packages that are required by the security policy profile in the security policy in the `%packages` section in your Kickstart file. As a result, packages that are required by the security policy profile are not installed during RHEL installation without one of the described workarounds, and the installed system is not compliant with the given security policy profile. |
| Doc Type | Known Issue | Bug Fix | ||
| Mirek Jahoda | 2021-08-12 15:06:47 UTC | Flags | needinfo?(mjahoda) | |
| Jan Stodola | 2021-08-17 11:38:16 UTC | Status | ON_QA | VERIFIED |
| Mirek Jahoda | 2021-09-22 12:57:51 UTC | Doc Text | Proposal: .`OSCAP Anaconda Addon` no longer handles text mode incorrectly The addon now performs the same checks regardless of whether the installation is graphical, or if is purely text-based. Rules that require certain partition layout or package installation/removal are evaluated before the installation starts, so those requirements are either resolved automatically, or the installation is aborted if it is impossible to satisfy those conditions without human intervention. Was: .`OSCAP Anaconda Addon` does not install all packages in text mode The `OSCAP Anaconda Addon` plugin cannot modify the list of packages selected for installation by the system installer if the installation is running in text mode. Consequently, when a security policy profile is specified using Kickstart and the installation is running in text mode, any additional packages required by the security policy are not installed during installation. To work around this problem, either run the installation in graphical mode or specify all packages that are required by the security policy profile in the security policy in the `%packages` section in your Kickstart file. As a result, packages that are required by the security policy profile are not installed during RHEL installation without one of the described workarounds, and the installed system is not compliant with the given security policy profile. | .`OSCAP Anaconda Addon` now installs all selected packages in text mode Previously, the `OSCAP Anaconda Addon` plugin did not evaluate rules that required certain partition layout or package installations and removals before the installation started when running in text mode. Consequently, when a security policy profile was specified using Kickstart and the installation was running in text mode, any additional packages required by a selected security profile were not installed. `OSCAP Anaconda Addon` now performs the required checks before the installation starts regardless of whether the installation is graphical or text-based, and all selected packages are installed also in text mode. |
| errata-xmlrpc | 2021-11-09 00:56:42 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2021-11-09 18:50:43 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-02-11 16:16:48 UTC | 2021-11-09 18:50:43 UTC | ||
| errata-xmlrpc | 2021-11-09 18:51:00 UTC | Link ID | Red Hat Product Errata RHBA-2021:4312 |
Back to bug 1674001