RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1391754 - oscap-vm fails to handle simple fail scenarios
Summary: oscap-vm fails to handle simple fail scenarios
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap
Version: 7.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Martin Preisler
QA Contact: Watson Yuuma Sato
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-03 22:20 UTC by Marek Haicman
Modified: 2017-08-01 08:45 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 08:45:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2291 0 normal SHIPPED_LIVE openscap bug fix update 2017-08-01 12:38:59 UTC

Description Marek Haicman 2016-11-03 22:20:22 UTC 
Description of problem:
When oscap-vm utility is called on non-existent image, or on image that exists, but for some reason fails to mount, scan is nevertheless performed on empty directory meant to contain the mounted image. This is not nice user experience.

Version-Release number of selected component (if applicable):
openscap-1.2.10-2.el7.x86_64

How reproducible:
reliably

Steps to Reproduce:
1. oscap-vm image ./empty.qcow2 xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results empty_results.file --results-arf empty_results.arf.file --report empty_report.file ./test-ds.xml
when either empty.qcow2 exists [created by touch for example] or does not exist at all

Actual results:
Scan is performed, some rules might even pass, exit code 2 [failing rules]

Expected results:
Scan is not performed, error message clearly states there was an issue during preparation phase, exit code other than 0 and 2 to symbolize error.

Additional info:
Comment 2 Martin Preisler 2017-01-11 21:07:29 UTC 
Upstream fix proposed: https://github.com/OpenSCAP/openscap/pull/646
Comment 5 Watson Yuuma Sato 2017-05-16 15:13:46 UTC 
Verified.

NEW:
:: [   LOG    ] :: Package versions:
:: [   LOG    ] ::   openscap-1.2.14-1.el7.x86_64

:: [   PASS   ] :: File ./empty.qcow2 should not exist 
:: [   PASS   ] :: Command 'oscap-vm image ./empty.qcow2 xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results empty_results.file --results-arf empty_results.arf.file --report empty_report.file ./test-ds.xml' (Expected 1,3-127, got 1)
:: [   PASS   ] :: File empty_results.file should not exist 
:: [   PASS   ] :: File empty_results.arf.file should not exist 
:: [   PASS   ] :: File empty_report.file should not exist 
:: [   PASS   ] :: Creating empty file (Expected 0, got 0)
:: [   PASS   ] :: Command 'oscap-vm image ./empty.qcow2 xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results empty_results.file --results-arf empty_results.arf.file --report empty_report.file ./test-ds.xml' (Expected 1,3-127, got 1)
:: [   PASS   ] :: File empty_results.file should not exist 
:: [   PASS   ] :: File empty_results.arf.file should not exist 
:: [   PASS   ] :: File empty_report.file should not exist 
:: [   LOG    ] :: Duration: 13s
:: [   LOG    ] :: Assertions: 10 good, 0 bad
:: [   PASS   ] :: RESULT: negative testing

OLD:
:: [   LOG    ] :: Package versions:
:: [   LOG    ] ::   openscap-1.2.10-2.el7.x86_64

:: [   PASS   ] :: File ./empty.qcow2 should not exist 
:: [   FAIL   ] :: Command 'oscap-vm image ./empty.qcow2 xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results empty_results.file --results-arf empty_results.arf.file --report empty_report.file ./test-ds.xml' (Expected 1,3-127, got 2)
:: [   FAIL   ] :: File empty_results.file should not exist 
:: [   FAIL   ] :: File empty_results.arf.file should not exist 
:: [   FAIL   ] :: File empty_report.file should not exist 
:: [   PASS   ] :: Creating empty file (Expected 0, got 0)
:: [   FAIL   ] :: Command 'oscap-vm image ./empty.qcow2 xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results empty_results.file --results-arf empty_results.arf.file --report empty_report.file ./test-ds.xml' (Expected 1,3-127, got 2)
:: [   FAIL   ] :: File empty_results.file should not exist 
:: [   FAIL   ] :: File empty_results.arf.file should not exist 
:: [   FAIL   ] :: File empty_report.file should not exist 
:: [   LOG    ] :: Duration: 1m 14s
:: [   LOG    ] :: Assertions: 2 good, 8 bad
:: [   FAIL   ] :: RESULT: negative testing
Comment 7 errata-xmlrpc 2017-08-01 08:45:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2291
Note You need to log in before you can comment on or make changes to this bug.