Bug 1814137
| Summary: | No SCAP security guide on Anaconda security policy page | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Qin Yuan <qiyuan> | ||||
| Component: | redhat-virtualization-host | Assignee: | Nir Levy <nlevy> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Qin Yuan <qiyuan> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.3.9 | CC: | cshao, emarcus, lsvaty, mavital, michal.skrivanek, mtessun, nlevy, peyu, qiyuan, sbonazzo, shlei, weiwang, yaniwang, yturgema | ||||
| Target Milestone: | ovirt-4.3.9-1 | Keywords: | Regression, ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | redhat-virtualization-host-4.3.9-20200324.0.el7_8 | Doc Type: | No Doc Update | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-04-02 17:09:16 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Node | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
No such issue on previous build RHVH-4.3-RHEL-7-20200218.2-RHVH-x86_64-dvd1.iso. Install RHVH-ISO-4.3-RHEL-7-20200318.1-RHVH-x86_64-dvd1.iso,
1. In /usr/share/anaconda/addons/org_fedora_oscap/common.py:
SSG_DIR = "/usr/share/xml/scap/ssg/content/"
SSG_CONTENT = "ssg-rhel7-ds.xml"
if constants.shortProductName != 'anaconda':
if constants.shortProductName == 'fedora':
SSG_CONTENT = "ssg-fedora-ds.xml"
else:
SSG_CONTENT = "ssg-%s%s-ds.xml" % (constants.shortProductName,
constants.productVersion.strip(".")[0])
2. Check constants.shortProductName and constants.productVersion:
[anaconda root@dell-per740-28 org_fedora_oscap]# python
Python 2.7.5 (default, Sep 26 2019, 13:23:47)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyanaconda import constants
>>> print constants.shortProductName
rhvh-iso
>>> print constants.productVersion
4.3
As you can see, SSG_CONTENT should be ssg-rhvh-iso4-ds.xml.
3. Check actual ssg content:
[anaconda root@dell-per740-28 content]# ls -al
total 27854
drwxr-xr-x. 2 root root 1024 Mar 22 10:26 .
drwxr-xr-x. 3 root root 1024 Nov 29 16:30 ..
-rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml
lrwxrwxrwx. 1 root root 49 Mar 18 16:59 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml
The actual ssg content file is ssg-rhvh4-ds.xml
4. Add required ssg-rhvh-iso4-ds.xml in /usr/share/xml/scap/ssg/content:
[anaconda root@dell-per740-28 content]# ls -al
total 27854
drwxr-xr-x. 2 root root 1024 Mar 22 10:30 .
drwxr-xr-x. 3 root root 1024 Nov 29 16:30 ..
-rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml
lrwxrwxrwx. 1 root root 49 Mar 22 10:30 ssg-rhvh-iso4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml
lrwxrwxrwx. 1 root root 49 Mar 18 16:59 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml
scap security guide appears on Anaconda.
What's more, if install an unsigned iso, like RHVH-UNSIGNED-ISO-4.3-RHEL-7-20200227.0-RHVH-x86_64-dvd1.iso, the shortProductName will be rhvh-unsigned-iso, see:
[anaconda root@dell-per740-28 ~]# python
Python 2.7.5 (default, Sep 26 2019, 13:23:47)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pyanaconda import constants
>>> print constants.shortProductName
rhvh-unsigned-iso
Then the needed ssg content file name will be ssg-rhvh-unsigned-iso4-ds.xml.
I think it's better to keep the product name to be rhvh, but not rhvh-iso or rhvh-unsigned-iso.
Tested RHVH-4.3-20200324.2-RHVH-x86_64-dvd1.iso, scap security guide can be displayed on Anaconda UI. The bug is fixed, move to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1310 |
Created attachment 1670742 [details] security policy page Description of problem: No SCAP security guide on Anaconda security policy page. The content under /usr/share/xml/scap/ssg/content is : [anaconda root@dell-per740-28 content]# ls -al total 27853 drwxr-xr-x. 2 root root 1024 Mar 12 10:07 . drwxr-xr-x. 3 root root 1024 Nov 29 16:30 .. -rw-r--r--. 1 root root 28519118 Nov 29 16:29 ssg-rhel7-ds.xml lrwxrwxrwx. 1 root root 49 Mar 12 10:01 ssg-rhvh4-ds.xml -> /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml Version-Release number of selected component (if applicable): RHVH-ISO-4.3-RHEL-7-20200312.1-RHVH-x86_64-dvd1.iso How reproducible: 100% Steps to Reproduce: 1. Install RHVH-ISO-4.3-RHEL-7-20200312.1-RHVH-x86_64-dvd1.iso, open SECURITY POLICY page on Anaconda Actual results: There is no SCAP security guide. Expected results: SCAP security guide should be present when the security policy page is opened. Additional info: