Bug 1477335 - [RFE] Allow image-inspector to scan CentOS
Status: NEW
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
medium Severity medium
: GA
: cfme-future
Assigned To: Loic Avenel
brahmani
container:smartstate
: FutureFeature
Reported: 2017-08-01 16:08 EDT by jack.ottofaro
Modified: 2017-09-18 08:15 EDT
Type: Bug
Cloudforms Team: Container Management


Description jack.ottofaro 2017-08-01 16:08:46 EDT
Description of problem:

Currently the image-inspector only supports scanning a version of RHEL. It can be configured with either a RHEL 5, 6 or 7 version number. Expand the image-inspector configuration capability to allow it to be configured to scan CentOS versions also.
Comment 2 Federico Simoncelli 2017-08-03 03:38:36 EDT
(In reply to jack.ottofaro from comment #0)
> Description of problem:
> 
> Currently the image-inspector only supports scanning a version of RHEL. It
> can be configured with either a RHEL 5, 6 or 7 version number. Expand the
> image-inspector configuration capability to allow it to be configured to
> scan CentOS versions also.

Jack, as far as I know, this is not supported by OpenSCAP at the moment (there is no official CentOS CVE feed to consume).

I think you should start by requesting this from the OpenSCAP team and the maintainers of the CVE feeds.
Comment 3 jack.ottofaro 2017-08-04 17:19:01 EDT
Hi Federico,

The oscap tool itself takes the Source DataStream file, for example ssg-rhel7-ds.xml, as input. My understanding is that users can and do customize these files, even for RHEL. If you simply allowed the image-inspector to take the entire Source DataStream file as input rather than just the RHEL version number, it would give the image-inspector the flexibility to support what the underlying oscap tool supports and account for the possibility that the RHEL file name format could change. So the enhancement would not be CentOS-specific.
Comment 4 Dave Johnson 2017-08-24 19:10:42 EDT
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set it to Low/Low.
