Bug 1463853
| Summary: | [RFE] RHV-M appliance should meet NIST 800-53 partitioning requirements | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Javier Coscia <jcoscia> |
| Component: | rhevm-appliance | Assignee: | Yuval Turgeman <yturgema> |
| Status: | CLOSED ERRATA | QA Contact: | Gonza <grafuls> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.1.2 | CC: | cshao, dfediuck, eheftman, huzhao, lsvaty, mgoldboi, mkalinin, pstehlik, qiyuan, rbarry, sbonazzo, weiwang, yaniwang, ycui, yturgema, yzhao |
| Target Milestone: | ovirt-4.2.0 | Keywords: | FutureFeature |
| Target Release: | --- | Flags: | pstehlik: testing_plan_complete- |
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions, "/" and swap.
In this release, the disk partitioning scheme has been modified to match the scheme specified by NIST. The updated disk partitions are as follows:
/boot 1G (primary)
/home 1G (lvm)
/tmp 2G (lvm)
/var 20G (lvm)
/var/log 10G (lvm)
/var/log/audit 1G (lvm)
swap 8G (lvm)
/ 6G (primary)
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-05-15 19:00:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Node | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1502604 | ||
|
Description
Javier Coscia
2017-06-22 00:10:23 UTC
Tried with: rhvm-appliance-20180103.0-1.x86_64.rhevm.ova

# findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/vda2 xfs rw,relatime,seclabel,attr2,inode64,noquota
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime,seclabel
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,seclabel,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec,relatime,memory
│ │ ├─/sys/fs/cgroup/pids cgroup cgroup rw,nosuid,nodev,noexec,relatime,pids
│ │ ├─/sys/fs/cgroup/hugetlb cgroup cgroup rw,nosuid,nodev,noexec,relatime,hugetlb
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_prio,net_cls
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ └─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ ├─/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/selinux selinuxfs selinuxfs rw,relatime
│ ├─/sys/kernel/debug debugfs debugfs rw,relatime
│ └─/sys/kernel/config configfs configfs rw,relatime
├─/proc proc proc rw,nosuid,nodev,noexec,relatime
│ ├─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12601
│ └─/proc/fs/nfsd nfsd nfsd rw,relatime
├─/dev devtmpfs devtmpfs rw,nosuid,seclabel,size=887000k,nr_inodes=221750,mode=755
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev,seclabel
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime,seclabel
│ └─/dev/mqueue mqueue mqueue rw,relatime,seclabel
├─/run tmpfs tmpfs rw,nosuid,nodev,seclabel,mode=755
│ └─/run/user/0 tmpfs tmpfs rw,nosuid,nodev,relatime,seclabel,size=181540k,mode=700
└─/var/lib/nfs/rpc_pipefs rpc_pipefs rpc_pipefs rw,relatime

# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda2 xfs 50G 3.3G 47G 7% /
devtmpfs devtmpfs 867M 0 867M 0% /dev
tmpfs tmpfs 887M 0 887M 0% /dev/shm
tmpfs tmpfs 887M 17M 871M 2% /run
tmpfs tmpfs 887M 0 887M 0% /sys/fs/cgroup
tmpfs tmpfs 178M 0 178M 0% /run/user/0

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 58G 0 disk
├─vda1 253:1 0 8G 0 part [SWAP]
└─vda2 253:2 0 50G 0 part /

rhvm-appliance-20180103.0-1.x86_64.rhevm.ova is not 4.2. Please check with rhvm-appliance-4.2-20171219.0, which contains the appropriate partitions.

Verified with: rhvm-appliance-4.2-20171219.0

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 374K 0 rom
vda 252:0 0 50G 0 disk
├─vda1 252:1 0 1G 0 part /boot
├─vda2 252:2 0 42.9G 0 part
│ ├─ovirt-swap 253:0 0 8G 0 lvm [SWAP]
│ ├─ovirt-audit 253:1 0 1G 0 lvm /var/log/audit
│ ├─ovirt-log 253:2 0 10G 0 lvm /var/log
│ ├─ovirt-var 253:3 0 20G 0 lvm /var
│ ├─ovirt-tmp 253:4 0 2G 0 lvm /tmp
│ └─ovirt-home 253:5 0 1G 0 lvm /home
└─vda3 252:3 0 6.1G 0 part /

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1525
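
The verification done by hand in the comments above can be scripted. The following is an added example, not part of the bug report or of the appliance tooling: it parses `lsblk` output and lists the mount points from the Doc Text that lack their own block device. The function names `missing_mounts`, `layout_before` and `layout_after` are hypothetical; the two sample layouts are the `lsblk` outputs quoted in the comments, and swap is left out because it has no mount path.

```sh
#!/bin/sh
# Mount points that the Doc Text lists as separate partitions/volumes.
REQUIRED="/boot /home /tmp /var /var/log /var/log/audit"

# missing_mounts: read `lsblk` output on stdin and print, one per line,
# every required mount point that no block device is mounted on.
missing_mounts() {
    # The mount point is the last column; rows without one end in the
    # TYPE column (rom, disk, part), and swap shows as [SWAP].
    _mounted=$(awk 'NR > 1 && $NF ~ /^\// { print $NF }')
    for _m in $REQUIRED; do
        printf '%s\n' "$_mounted" | grep -qxF -- "$_m" || printf '%s\n' "$_m"
    done
}

# lsblk output from the "Tried with" comment (appliance 20180103.0-1).
layout_before() {
    cat <<'EOF'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 58G 0 disk
├─vda1 253:1 0 8G 0 part [SWAP]
└─vda2 253:2 0 50G 0 part /
EOF
}

# lsblk output from the "Verified with" comment (appliance 4.2-20171219.0).
layout_after() {
    cat <<'EOF'
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 50G 0 disk
├─vda1 252:1 0 1G 0 part /boot
├─vda2 252:2 0 42.9G 0 part
│ ├─ovirt-swap 253:0 0 8G 0 lvm [SWAP]
│ ├─ovirt-audit 253:1 0 1G 0 lvm /var/log/audit
│ ├─ovirt-log 253:2 0 10G 0 lvm /var/log
│ ├─ovirt-var 253:3 0 20G 0 lvm /var
│ ├─ovirt-tmp 253:4 0 2G 0 lvm /tmp
│ └─ovirt-home 253:5 0 1G 0 lvm /home
└─vda3 252:3 0 6.1G 0 part /
EOF
}

for layout in layout_before layout_after; do
    missing=$($layout | missing_mounts | tr '\n' ' ')
    echo "$layout: missing ${missing:-nothing}"
done
```

On a running appliance, `lsblk | missing_mounts` performs the same check against the live layout.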