Bug 2030596

Summary: [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied
Product: Red Hat Enterprise Virtualization Manager Reporter: Martin Perina <mperina>
Component: ovirt-engineAssignee: Ales Musil <amusil>
Status: CLOSED ERRATA QA Contact: cshao <cshao>
Severity: high Docs Contact:
Priority: high    
Version: 4.4.0CC: cshao, emarcus, gdeolive
Target Milestone: ovirt-4.5.0Keywords: FutureFeature, ZStream
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.5.0 Doc Type: Enhancement
Doc Text:
The Red Hat Virtualization Manager is now capable of running on machine with the PCI-DSS security profile.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-26 16:23:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1970529, 2015093, 2020620, 2029830, 2031027, 2056052    
Bug Blocks: 2073293    

Description Martin Perina 2021-12-09 08:54:30 UTC 
RHV Manager should be able to properly run on a host where the official PCI-DSS profile for RHEL 8 is applied

https://www.redhat.com/en/resources/pci-dss-compliance-coalfire-analyst-paper
http://static.open-scap.org/ssg-guides/ssg-rhel8-guide-pci-dss.html
https://www.pcisecuritystandards.org/document_library

If running on the official PCI-DSS profile is not feasible due to technical limitations, then we need to create a hardening profile for RHV Manager based on the official PCI-DSS profile, where we would have disabled PCI-DSS features which blocks proper functionality of RHV Manager.
Comment 4 cshao 2022-05-05 10:09:26 UTC 
Test version:
RHVH-4.5-20220425.0-RHVH-x86_64-dvd1.iso 

Engine:
RHV 4.5.0-9

Test steps:
1. Install RHVH-4.5-20220425.0-RHVH-x86_64-dvd1.iso with PCI-DSS profile applied.
2. Reboot
3. Register to engine.

Test Result:
Instal RHVH with PCI-DSS profiles applied - pass
Register host to engine with PCI-DSS - pass

So the bug is fixed, change bug status to VERIFIED.
Comment 9 errata-xmlrpc 2022-05-26 16:23:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4711