Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1603347 - double chdir/chroot in probe rpmverifypackage
double chdir/chroot in probe rpmverifypackage
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap (Show other bugs)
7.6
Unspecified Unspecified
medium Severity medium
: alpha
: ---
Assigned To: Jan Černý
BaseOS QE Security Team
Mirek Jahoda
:
Depends On:
Blocks: 1646197
  Show dependency treegraph
 
Reported: 2018-07-19 10:29 EDT by Matus Marhefka
Modified: 2018-11-05 06:05 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
*OpenSCAP* `rpmverifypackage` does not work correctly The `chdir` and `chroot` system calls are called twice by the `rpmverifypackage` probe. Consequently, an error occurs when the probe is utilized during an *OpenSCAP* scan with custom Open Vulnerability and Assessment Language (OVAL) content. To work around this problem, do not use the `rpmverifypackage_test` OVAL test in your content or use only the content from the _scap-security-guide_ package where `rpmverifypackage_test` is not used.
Story Points: ---
Clone Of:
: 1646197 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
probe_test_rpm.oval.xml (7.15 KB, application/xml)
2018-07-19 10:31 EDT, Matus Marhefka 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Matus Marhefka 2018-07-19 10:29:58 EDT 
Description of problem:
# oscap-docker image registry.access.redhat.com/rhel7 oval eval --id oval:my:def:6 probe_test_rpm.oval.xml

Command: oscap oval eval --id oval:my:def:6 --results /dev/stdout probe_test_rpm.oval.xml failed!
Command returned exit code 1.
E: probe_rpmverifypackage: RPM: Failed to initialize NSS library

error: Failed to initialize NSS library
E: probe_rpmverifypackage: Unable to chdir to '/tmp/tmp8iWJcD/e0f879ff19f6266f31f7', errno: 2 "No such file or directory"
W: oscap:     Can't receive message: 125, Operation canceled.
E: oscap:     Recv: retry limit (0) reached.
OpenSCAP Error: Probe at sd=1 (rpmverifypackage) reported an error: Initialization failed [oval_probe_ext.c:393]
Unable to receive a message from probe [oval_probe_ext.c:579]
Invalid oval result type: -1. [oval_resultTest.c:179]


Version-Release number of selected component (if applicable):
openscap-1.2.17-1.el7.x86_64
openscap-scanner-1.2.17-1.el7.x86_64
openscap-utils-1.2.17-1.el7.x86_64
openscap-containers-1.2.17-1.el7.noarch


How reproducible:
always


Steps to Reproduce:
See the description.
Comment 1 Matus Marhefka 2018-07-19 10:31 EDT 
Created attachment 1460350 [details]
probe_test_rpm.oval.xml
Comment 3 Matus Marhefka 2018-08-17 07:43:42 EDT 
Upstream issue: https://github.com/OpenSCAP/openscap/issues/1173
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.