Bug 1461788
Summary: | atomic scan returns error when scanning read-only rootfs | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Matus Marhefka <mmarhefk>
Component: | atomic | Assignee: | Brent Baude <bbaude>
Status: | CLOSED WONTFIX | QA Contact: | atomic-bugs <atomic-bugs>
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | 7.4 | CC: | bbaude, ddarrah, dwalsh
Target Milestone: | rc | Keywords: | Extras
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Fixed In Version: | | Doc Type: | If docs needed, set a value
Doc Text: | | Story Points: | ---
Last Closed: | 2021-01-15 07:38:11 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |

Description
Matus Marhefka
2017-06-15 10:44:53 UTC
Created attachment 1287992
Script to reproduce the error

One more thing, when you run the atomic scan command from step 4 with the '--debug' option, the error is not printed.

```
atomic scan --verbose --scanner openscap --rootfs fs_mount_dir
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2017-06-15-19-20-00-927719:/scanin -v /var/lib/atomic/openscap/2017-06-15-19-20-00-927719:/scanout:rw,Z --security-opt label:disable -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
INFO:OpenSCAP Daemon one-off evaluator 0.1.6
WARNING:Can't import the 'docker' package. Container scanning functionality will be disabled.
INFO:Creating tasks directory at '/var/lib/oscapd/tasks' because it didn't exist.
INFO:Creating results directory at '/var/lib/oscapd/results' because it didn't exist.
INFO:Creating results work in progress directory at '/var/lib/oscapd/work_in_progress' because it didn't exist.
INFO:Evaluated EvaluationSpec, exit_code=0.
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'chroot:///scanin/fs_mount_dir' for vulnerabilities.
Traceback (most recent call last):
  File "/usr/bin/oscapd-evaluate", line 143, in scan_worker
    es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 473, in evaluate
    wip_result = self.evaluate_into_dir(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 470, in evaluate_into_dir
    return oscap_helpers.evaluate(self, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 300, in evaluate
    args = get_evaluation_args(spec, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 275, in get_evaluation_args
    ret.extend(spec.get_oscap_arguments(config))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 444, in get_oscap_arguments
    ret.append(config.get_cve_feed(self.get_cpe_ids(config)))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/config.py", line 402, in get_cve_feed
    return self.cve_feed_manager.get_cve_feed(cpe_ids)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/cve_feed_manager.py", line 219, in get_cve_feed
    "Can't find a supported CPE ID in %s" % (", ".join(cpe_ids))
RuntimeError: Can't find a supported CPE ID in
INFO:[100.00%] Scanned target 'chroot:///scanin/fs_mount_dir'
fs_mount_dir (fs_mount_dir)
fs_mount_dir is not supported for this scan.
Files associated with this scan are in /var/lib/atomic/openscap/2017-06-15-19-20-00-927719.
[Errno 30] Read-only file system: '/run/atomic/2017-06-15-19-20-00-927719/fs_mount_dir/lost+found'
```

Created upstream patch -> https://github.com/projectatomic/atomic/pull/1037

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.