Bug 2047740

Summary: Workbench errors on remote scan with passwordless sudo user
Product: Red Hat Enterprise Linux 9 Reporter: Matus Marhefka <mmarhefk>
Component: scap-workbenchAssignee: Matěj Týč <matyc>
Status: CLOSED ERRATA QA Contact: Matus Marhefka <mmarhefk>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.0CC: mhaicman, wsato
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-workbench-1.2.1-13.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 13:23:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2048571    
Bug Blocks:    
Deadline: 2022-02-21   

Description Matus Marhefka 2022-01-28 12:51:07 UTC 
Description of problem:
When scanning remote system or localhost (using passwordless sudo user) through ssh using scap-workbench there is an error from openscap when copying result files from the remote system:
----------
15:22:19 
error    
The 'oscap' process has written the following content to stderr: OpenSCAP Error: Permission denied '/tmp/tmp.jdeVnIfXwt' [/builddir/build/BUILD/openscap-1.3.5/src/common/elements.c:237] 

15:22:19 
error    
The 'oscap' process has written the following content to stderr: Could not save file: /tmp/tmp.jdeVnIfXwt [/builddir/build/BUILD/openscap-1.3.5/src/XCCDF/xccdf_session.c:1425] 

15:22:20 
info     
Cleaning up...

15:22:20 
info     
Processing has been finished!
----------


Version-Release number of selected component (if applicable):
scap-workbench-1.2.1-13.el9.x86_64
openscap-1.3.5-13.el9.x86_64
openscap-scanner-1.3.5-13.el9.x86_64
scap-security-guide-0.1.57-5.el9.noarch
openscap-utils-1.3.5-13.el9.x86_64


How reproducible:
always


Steps to Reproduce:
1. Setup passwordless sudo user based on scap-workbench user manual (either on remote system or localhost)
2. Select 'user is sudoer' checkbox and run a remote scan using the passwordless sudo user.


Actual results:
There are errors in Diagnostics window from openscap when copying result files from the remote system.


Expected results:
No errors in Diagnostics window.


Additional info:
Comment 1 Matěj Týč 2022-01-28 15:41:21 UTC 
The issue also prevents the report from being generated and manifests when scanning a RHEL9 system - regardless of the scanning system.
Comment 8 errata-xmlrpc 2022-05-17 13:23:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: scap-workbench), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2500