Bug 2117511
| Summary: | openscap cis_server_level1 benchmark list mount option requirement for /var/tmp but does not require separate /var/tmp [rhel-8.4.0.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | RHEL Program Management Team <pgm-rhel-tools> |
| Component: | scap-security-guide | Assignee: | Matěj Týč <matyc> |
| Status: | CLOSED ERRATA | QA Contact: | Milan Lysonek <mlysonek> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.5 | CC: | ggasparb, matyc, mhaicman, mlysonek, vpolasek, wsato |
| Target Milestone: | rc | Keywords: | AutoVerified, Triaged, ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | scap-security-guide-0.1.63-2.el8_4 | Doc Type: | Enhancement |
| Doc Text: |
Feature: Rules for mount options of /tmp and /var/tmp partitions were formerly failing if respective partitions didn't exist. This enhancement makes those rules not applicable instead.
Reason: If those partitions don't exist, related rules don't make sense. If this is the case and those mount options are essential for that particular policy, a rule that prescribes existence of such partitions should be present in the profile, and that one rule should fail.
Result: Security profiles s.a. CIS L1 that prescribe mount options for partitions that may or may not be there suffered from failures of respective rules. Now, those rules fail only when the partition exist, and it doesn't posses those mount options.
|
Story Points: | --- |
| Clone Of: | 2032403 | Environment: | |
| Last Closed: | 2022-08-30 21:48:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2032403 | ||
| Bug Blocks: | |||
|
Comment 18
errata-xmlrpc
2022-08-30 21:48:16 UTC
|