1488385 – oscap-docker tracebacks and exits with error when scanning docker images and containers

Bug 1488385 - oscap-docker tracebacks and exits with error when scanning docker images and containers

Summary: oscap-docker tracebacks and exits with error when scanning docker images and ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	atomic
Sub Component:
Version:	26
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-05 09:14 UTC by Matus Marhefka
Modified:	2017-11-28 23:52 UTC (History)
CC List:	12 users (show)
Fixed In Version:	atomic-1.20.1-1.fc26 atomic-1.20.1-3.fc27
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-11-28 23:52:40 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Matus Marhefka 2017-09-05 09:14:05 UTC

Description of problem:
When scanning docker images and containers using oscap-docker tool, it exits with error and prints traceback.


Version-Release number of selected component (if applicable):
openscap-containers-1.2.15-1.fc26.noarch
openscap-1.2.15-1.fc26.x86_64


How reproducible:
100%


Steps to Reproduce:
$ sudo oscap-docker image fedora xccdf eval --profile standard /usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
W: probe_environmentvariable58: Requested offline mode is not supported by probe_environmentvariable58.
W: oscap:     There was a problem processing referenced variable (oval:ssg-var_accounts_root_path_dirs_no_write:v

Title   gpgcheck Enabled In Main Dnf Configuration
Rule    xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated
Result  pass

...

Title   Ensure that Root's Path Does Not Include World or Group-Writable Directories
Rule    xccdf_org.ssgproject.content_rule_accounts_root_path_dirs_no_write
Result  pass

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/docker/api/client.py", line 220, in _raise_for_status
    response.raise_for_status()
  File "/usr/lib/python3.6/site-packages/requests/models.py", line 909, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localunixsocket/v1.26/containers/tmpq1h_b657?v=False&link=False&force=False

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/bin/oscap-docker", line 117, in <module>
    args.func()
  File "/bin/oscap-docker", line 51, in scan
    result = OS.scan(self.args.scan_target, self.unknown_args)
  File "/usr/lib/python3.6/site-packages/oscap_docker_python/oscap_docker_util.py", line 276, in scan
    self.helper._cleanup_by_path(_tmp_mnt_dir)
  File "/usr/lib/python3.6/site-packages/oscap_docker_python/oscap_docker_util.py", line 177, in _cleanup_by_path
    DM._clean_temp_container_by_path(_no_rootfs)
  File "/usr/lib/python3.6/site-packages/Atomic/mount.py", line 742, in _clean_temp_container_by_path
    self.d.remove_container(short_cid)
  File "/usr/lib/python3.6/site-packages/Atomic/client.py", line 66, in newfunc
    result = attr(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/usr/lib/python3.6/site-packages/docker/api/container.py", line 982, in remove_container
    self._raise_for_status(res)
  File "/usr/lib/python3.6/site-packages/docker/api/client.py", line 222, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/lib/python3.6/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.NotFound: 404 Client Error: Not Found ("No such container: tmpq1h_b657")


Actual results:
oscap-docker prints traceback and exits with error.

Expected results:
oscap-docker does not traceback and finishes scan successfully.

Comment 1 Matus Marhefka 2017-09-05 11:04:59 UTC

Verified that this PR fixes the problem: https://github.com/projectatomic/atomic/pull/1063

Comment 2 Matus Marhefka 2017-09-05 11:06:21 UTC

Version-Release number of selected component:
atomic-1.18.1-5.fc26.x86_64

Comment 3 Fedora Update System 2017-11-07 17:57:24 UTC

atomic-1.20.1-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8abafad976

Comment 4 Fedora Update System 2017-11-07 17:57:49 UTC

atomic-1.20.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-021f49279e

Comment 5 Fedora Update System 2017-11-07 19:16:22 UTC

atomic-1.20.1-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-021f49279e

Comment 6 Fedora Update System 2017-11-08 00:07:59 UTC

atomic-1.20.1-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8abafad976

Comment 7 Fedora Update System 2017-11-15 20:17:43 UTC

atomic-1.20.1-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2017-11-21 20:41:09 UTC

atomic-1.20.1-3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6a5dd1d5e

Comment 9 Fedora Update System 2017-11-22 21:39:50 UTC

atomic-1.20.1-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6a5dd1d5e

Comment 10 Fedora Update System 2017-11-28 23:52:40 UTC

atomic-1.20.1-3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.