Back to bug 2165948
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-01-31 14:47:18 UTC | Pool ID | sst_installer_rhel_8 | |
| Red Hat One Jira (issues.redhat.com) | 2023-01-31 14:48:50 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-147062 | |
| Petr Beranek | 2023-01-31 14:52:19 UTC | Blocks | 2129764 | |
| Jiri Kortus | 2023-01-31 16:24:35 UTC | Pool ID | sst_installer_rhel_8 | sst_security_compliance_rhel_8 |
| CC | jikortus, mhaicman, wsato | |||
| Component | anaconda | oscap-anaconda-addon | ||
| Assignee | anaconda-maint-list | matyc | ||
| Jan Stodola | 2023-02-06 15:46:31 UTC | Blocks | 2144443 | |
| CC | jstodola | |||
| RHEL Program Management | 2023-02-13 16:35:59 UTC | Keywords | Triaged | |
| Matěj Týč | 2023-02-20 13:20:05 UTC | Doc Type | If docs needed, set a value | Known Issue |
| Doc Text | Cause: OSCAP Anaconda Addon GUI doesn't provide means how to select or deselect tailoring. Consequence: The 9.2/8.8 addon newly doesn't take tailoring into the account e.g. when installing from archives or RPMs. In past releases, the default behavior was to use the tailoring if it was available. The new behavior, is consistent with the kickstart installation, when the tailoring needs to be specified in order to for it to be used. Workaround (if any): There needs to be a kickstart present that specifies the hardening content, and if the tailoring is set, the graphical installation will proceed with using the content with tailoring. An example is given by comment #2 Result: Installing the system with GUI and with tailoring at the same time is no longer possible without a kickstart, but a kickstart can be provided, so that both GUI installation and tailoring can be used at the same time. |
|||
| Lucie Vařáková | 2023-03-08 13:45:47 UTC | Docs Contact | mjahoda | |
| Mirek Jahoda | 2023-03-29 13:06:16 UTC | Doc Text | Cause: OSCAP Anaconda Addon GUI doesn't provide means how to select or deselect tailoring. Consequence: The 9.2/8.8 addon newly doesn't take tailoring into the account e.g. when installing from archives or RPMs. In past releases, the default behavior was to use the tailoring if it was available. The new behavior, is consistent with the kickstart installation, when the tailoring needs to be specified in order to for it to be used. Workaround (if any): There needs to be a kickstart present that specifies the hardening content, and if the tailoring is set, the graphical installation will proceed with using the content with tailoring. An example is given by comment #2 Result: Installing the system with GUI and with tailoring at the same time is no longer possible without a kickstart, but a kickstart can be provided, so that both GUI installation and tailoring can be used at the same time. | .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile: -- There was an unexpected problem with the supplied content. -- To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example: -- xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml -- As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications. |
| Lenka Špačková | 2023-03-30 11:43:43 UTC | Doc Text | .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile: -- There was an unexpected problem with the supplied content. -- To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example: -- xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml -- As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications. | .The OSCAP Anaconda add-on does not fetch tailored profiles in the graphical installation The OSCAP Anaconda add-on does not provide an option to select or deselect tailoring of security profiles in the RHEL graphical installation. Starting from RHEL 8.8, the add-on does not take tailoring into account by default when installing from archives or RPM packages. Consequently, the installation displays the following error message instead of fetching an OSCAP tailored profile: ---- There was an unexpected problem with the supplied content. ---- To work around this problem, you must specify paths in the `%addon org_fedora_oscap` section of your Kickstart file, for example: ---- xccdf-path = /usr/share/xml/scap/sc_tailoring/ds-combined.xml tailoring-path = /usr/share/xml/scap/sc_tailoring/tailoring-xccdf.xml ---- As a result, you can use the graphical installation for OSCAP tailored profiles only with the corresponding Kickstart specifications. |
| Release Test Team | 2023-05-02 10:45:27 UTC | Link ID | Red Hat Issue Tracker RTT-5273 | |
| Release Test Team | 2023-05-02 10:45:32 UTC | Link ID | Red Hat Issue Tracker RTT-5274 | |
| Matěj Týč | 2023-08-30 08:17:16 UTC | Keywords | MigratedToJIRA | |
| Red Hat One Jira (issues.redhat.com) | 2023-08-30 08:20:12 UTC | Link ID | Red Hat Issue Tracker RHEL-1810 | |
| RHEL Program Management | 2023-08-30 08:53:47 UTC | Status | NEW | CLOSED |
| Resolution | --- | MIGRATED | ||
| Last Closed | 2023-08-30 08:53:47 UTC |
Back to bug 2165948