Description of the problem:
Customers in the public sector need to meet certain security layouts; one of them is the requirement of having separate partitions for the following directories:
/home
/tmp
/var
/var/log/audit

Version-Release number of selected component (if applicable):
RHV-M appliance > rhvm-appliance-20170619.0-1.x86_64.rhevm.ova
RPM > rhevm-appliance-20170616.0-1.el7ev.noarch.rpm

How reproducible:
100%

Tried with: rhvm-appliance-20180103.0-1.x86_64.rhevm.ova

# findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/vda2 xfs rw,relatime,seclabel,attr2,inode64,noquota
├─/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime,seclabel
│ ├─/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,seclabel,mode=755
│ │ ├─/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
│ │ ├─/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
│ │ ├─/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
│ │ ├─/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
│ │ ├─/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec,relatime,memory
│ │ ├─/sys/fs/cgroup/pids cgroup cgroup rw,nosuid,nodev,noexec,relatime,pids
│ │ ├─/sys/fs/cgroup/hugetlb cgroup cgroup rw,nosuid,nodev,noexec,relatime,hugetlb
│ │ ├─/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_prio,net_cls
│ │ ├─/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
│ │ ├─/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
│ │ └─/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
│ ├─/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/selinux selinuxfs selinuxfs rw,relatime
│ ├─/sys/kernel/debug debugfs debugfs rw,relatime
│ └─/sys/kernel/config configfs configfs rw,relatime
├─/proc proc proc rw,nosuid,nodev,noexec,relatime
│ ├─/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12601
│ └─/proc/fs/nfsd nfsd nfsd rw,relatime
├─/dev devtmpfs devtmpfs rw,nosuid,seclabel,size=887000k,nr_inodes=221750,mode=755
│ ├─/dev/shm tmpfs tmpfs rw,nosuid,nodev,seclabel
│ ├─/dev/pts devpts devpts rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000
│ ├─/dev/hugepages hugetlbfs hugetlbfs rw,relatime,seclabel
│ └─/dev/mqueue mqueue mqueue rw,relatime,seclabel
├─/run tmpfs tmpfs rw,nosuid,nodev,seclabel,mode=755
│ └─/run/user/0 tmpfs tmpfs rw,nosuid,nodev,relatime,seclabel,size=181540k,mode=700
└─/var/lib/nfs/rpc_pipefs rpc_pipefs rpc_pipefs rw,relatime

# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda2 xfs 50G 3.3G 47G 7% /
devtmpfs devtmpfs 867M 0 867M 0% /dev
tmpfs tmpfs 887M 0 887M 0% /dev/shm
tmpfs tmpfs 887M 17M 871M 2% /run
tmpfs tmpfs 887M 0 887M 0% /sys/fs/cgroup
tmpfs tmpfs 178M 0 178M 0% /run/user/0

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 58G 0 disk
├─vda1 253:1 0 8G 0 part [SWAP]
└─vda2 253:2 0 50G 0 part /

rhvm-appliance-20180103.0-1.x86_64.rhevm.ova is not 4.2.
Please check with rhvm-appliance-4.2-20171219.0, which contains the appropriate partitions.

Verified with: rhvm-appliance-4.2-20171219.0

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 374K 0 rom
vda 252:0 0 50G 0 disk
├─vda1 252:1 0 1G 0 part /boot
├─vda2 252:2 0 42.9G 0 part
│ ├─ovirt-swap 253:0 0 8G 0 lvm [SWAP]
│ ├─ovirt-audit 253:1 0 1G 0 lvm /var/log/audit
│ ├─ovirt-log 253:2 0 10G 0 lvm /var/log
│ ├─ovirt-var 253:3 0 20G 0 lvm /var
│ ├─ovirt-tmp 253:4 0 2G 0 lvm /tmp
│ └─ovirt-home 253:5 0 1G 0 lvm /home
└─vda3 252:3 0 6.1G 0 part /
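
An added example, not part of the original report or of the product's tooling: a POSIX shell check that reads `lsblk` output and lists which of the directories named in the description lack a dedicated mount point. The function names are hypothetical, and the sample rows are copied from the two `lsblk` listings in this report.

```shell
#!/bin/sh
# Added example: report which required directories are NOT their own mount point.
# REQUIRED is the list from the bug description; function names are hypothetical.
REQUIRED="/home /tmp /var /var/log/audit"

# Extract mount points from lsblk text on stdin: the last field of a row when
# it is an absolute path (header, [SWAP] and unmounted devices are skipped).
mountpoints_from_lsblk() {
    awk '$NF ~ /^\// { print $NF }'
}

# Read lsblk text on stdin and print each required directory that has no
# dedicated mount. Exit status: 0 = all present, 1 = at least one missing.
missing_separate_mounts() {
    mounts=$(mountpoints_from_lsblk)
    rc=0
    for dir in $REQUIRED; do
        # -x matches the whole line, so /var is not satisfied by /var/log/audit
        if ! printf '%s\n' "$mounts" | grep -qxF -- "$dir"; then
            printf '%s\n' "$dir"
            rc=1
        fi
    done
    return $rc
}

# Sample inputs: rows copied from the listings in this report (rom rows omitted).
OLD_LAYOUT='NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 58G 0 disk
├─vda1 253:1 0 8G 0 part [SWAP]
└─vda2 253:2 0 50G 0 part /'

NEW_LAYOUT='NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 50G 0 disk
├─vda1 252:1 0 1G 0 part /boot
├─vda2 252:2 0 42.9G 0 part
│ ├─ovirt-swap 253:0 0 8G 0 lvm [SWAP]
│ ├─ovirt-audit 253:1 0 1G 0 lvm /var/log/audit
│ ├─ovirt-log 253:2 0 10G 0 lvm /var/log
│ ├─ovirt-var 253:3 0 20G 0 lvm /var
│ ├─ovirt-tmp 253:4 0 2G 0 lvm /tmp
│ └─ovirt-home 253:5 0 1G 0 lvm /home
└─vda3 252:3 0 6.1G 0 part /'

echo "20180103 image, missing:"; printf '%s\n' "$OLD_LAYOUT" | missing_separate_mounts || true
echo "4.2 image, missing:"; printf '%s\n' "$NEW_LAYOUT" | missing_separate_mounts || true
# On a live host: lsblk | missing_separate_mounts
```

`lsblk` lists only block devices, so a `/tmp` on tmpfs would be reported as missing; piping `findmnt -rn -o TARGET` into the same function covers every mounted filesystem.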
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1525