Bug 1814988
| Summary: | Applying foreman.scap role from Satellite on client system where DISA STIG Security Policy is applied locally fails. | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Krutika Kinge <kkinge> |
| Component: | SCAP Plugin | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | NEW --- | QA Contact: | Jameer Pathan <jpathan> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.6.0 | CC: | ahumbe, aruzicka, egolov, jerome.meyer, mhulan, nshaik, stefan.schwiedel |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ansiblerole-foreman_scap_client-0.1.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Krutika Kinge
2020-03-19 09:20:32 UTC
Could you try whitelisting ruby in fapolicyd? It helped upstream: https://community.theforeman.org/t/issue-running-theforeman-foreman-scap-client-on-rhel-8/17438 Whitelisting helps. There are 3 possible solutions: - RedHat solves the issue by preventing ruby code in ansible roles to run python - the openscap policy could whitelists ruby because the ruby script is from the openscap package - the puppet-agent installer should whitelist ruby since puppet require ruby I prefer to not use ruby code in ansible. Created redmine issue https://projects.theforeman.org/issues/29475 from this bug Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/29475 has been resolved. Moving back to new for reevaluation |