Bug 1634239

Summary: No SCAP security guide on Anaconda security policy page
Product: [oVirt] ovirt-node Reporter: Qin Yuan <qiyuan>
Component: Installation & UpdateAssignee: Yuval Turgeman <yturgema>
Status: CLOSED CURRENTRELEASE QA Contact: Qin Yuan <qiyuan>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2CC: bugs, chyan, cshao, huzhao, qiyuan, sbonazzo, sgoodman, weiwang, yaniwang, ycui, yturgema
Target Milestone: ovirt-4.3.0Flags: rule-engine: ovirt-4.3+
cshao: testing_ack+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: redhat-virtualization-host-productimg-4.3-0.0.el7 Doc Type: Bug Fix
Doc Text:
oscap-anaconda-addon was changed to read the datastream file based on the OS name and version. Consequently, the addon looks for a datastream file named "ssg-rhvh4-ds.xml," which does not exist, so no OSCAP profiles are shown. The relevant OSCAP profiles for RHVH reside in ssg-rhel7-ds.xml, so a symlink was added named ssg-rhvh4-ds.xml that references ssg-rhel7-ds.xml.
 Story Points: ---
Clone Of:
: 1636847 (view as bug list) Environment:
Last Closed: 2019-02-13 07:45:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1654253    
Attachments:
Description Flags
security policy page screenshot none

Description Qin Yuan 2018-09-29 08:30:43 UTC 
Created attachment 1488316 [details]
security policy page screenshot

Description of problem:
Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, there is no SCAP security guide on Anaconda security policy page.
No such issue with RHEL 7.6

Version-Release number of selected component (if applicable):
RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso

How reproducible:
100%

Steps to Reproduce:
1.Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, open SECURITY POLICY page on Anaconda

Actual results:
There is no SCAP security guide.

Expected results:
SCAP security guide should be present when the security policy page is opened.

Additional info:
Comment 1 Yuval Turgeman 2018-10-07 11:43:13 UTC 
Looks like oscap-anaconda-addon has changed to search for its content according to the productName - it used to search for:

"/usr/share/xml/scap/ssg/content/ssg-rhel%s-ds.xml" % productVersion... which expands to ssg-rhel7-ds.xml and is available from scap-security-guide.

and now it searches for:

"/usr/share/xml/scap/ssg/content/ssg-%s%s-ds.xml" % (productName, productVersion..")  which expands in RHVH to ssg-RHVH4-ds.xml and this doesn't exist in scap-security-guide.
Comment 4 Sandro Bonazzola 2018-10-10 15:13:10 UTC 
Let's workaround bug #1636847 and open a separate bug to remove the workaround once the fix will be available.
Comment 6 Qin Yuan 2018-12-12 10:34:50 UTC 
With RHVH-4.3-20181210.0-RHVH-x86_64-dvd1.iso, SCAP security guide is available now.
Comment 7 Sandro Bonazzola 2019-02-13 07:45:12 UTC 
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.