Bug 1387288 - atomic scan enhancement proposal: exit code should better reflect scan outcome
Summary: atomic scan enhancement proposal: exit code should better reflect scan outcome
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: atomic
Version: 7.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Lokesh Mandvekar
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-20 14:34 UTC by Matus Marhefka
Modified: 2020-05-05 14:44 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-05 14:44:13 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Matus Marhefka 2016-10-20 14:34:51 UTC
Description of problem:
Currently `atomic scan' exit codes only inform user about its successful/unsuccessful termination. For better utilization, mainly in automated scripts, it should add one more exit code, for example:

0 - successful, scan pass
1 - unsuccessful, some error occured
2 - successful, scan failed [THIS IS CURRENTLY MISSING]

This would also reflect the exit codes of the oscap(8) which uses exit codes in the following way:
Normally, the exit status is 0 when operation finished successfully and 1 otherwise. In cases when oscap performs evaluation of the system it may return 2 indicating success of the operation but incompliance of the assessed system.

This would probably need to be implemented in `oscapd-evaluate' (part of openscap-daemon RPM) as `atomic scan' only serves as a wrapper for `oscapd-evaluate' command (which is run in openscap-docker container) and exits with the exact same exit code as `oscapd-evaluate'. Anyway, it would have to be documented also for `atomic scan'.


Version-Release number of selected component (if applicable):
atomic-1.12.5-2.el7
openscap-daemon-0.1.6-1.el7


How reproducible:
Always when `atomic scan' is successful but scan failed (incompliance of the assessed system was found).


Steps to Reproduce:
1. atomic scan IMAGE/CONTAINER
2. echo $?


Actual results:


Expected results:


Additional info:

Comment 2 Brent Baude 2017-02-28 14:36:30 UTC
I have added return codes 0 and 1 to reflect a successful or failed scan to the master branch with https://github.com/projectatomic/atomic/pull/919


Note You need to log in before you can comment on or make changes to this bug.