Bug 1640522 - SELinux Security Context probe produces a flood of annoying messages
Summary: SELinux Security Context probe produces a flood of annoying messages
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap
Version: 7.7
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Jan Černý
QA Contact: BaseOS QE Security Team
Mirek Jahoda
URL:
Whiteboard:
: 1676894 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-18 09:26 UTC by Jan Černý
Modified: 2019-09-12 13:37 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
*OpenSCAP* scanner results contain a lot of SELinux context error messages The *OpenSCAP* scanner logs inability to get SELinux context on the "ERROR" level even in situations where it is not a true error. As a result, *OpenSCAP* scanner results contain a lot of SELinux context error messages. Both the *oscap* command-line utility and the *SCAP Workbench* graphical utility outputs can be hard to read for that reason.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Jan Černý 2018-10-18 09:26:54 UTC
Description of problem:
SELinux Security Context probe produces a flood of annoying messages
that look like this:

Can't get context ...

This makes the output hard to orient in.

Version-Release number of selected component (if applicable):
openscap-1.2.17

How reproducible:
always

Steps to Reproduce:
1.oscap xccdf eval --oval-results --report xccdf_org.ssgproject.content_profile_ospp42-draft.html --progress --profile xccdf_org.ssgproject.content_profile_ospp42-draft /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
2. see the stderr
3.

Actual results:
A lot of "Can't get context" messages are written on stderr.

Expected results:
These messages are displayed only in DEVEL verbosity level.

Additional info:

Comment 2 Jan Černý 2018-10-18 09:27:21 UTC
This was fixed upstream in https://github.com/OpenSCAP/openscap/pull/1222

Comment 3 Marek Haicman 2018-10-18 11:17:16 UTC
Just a note (for testing purposes) this is triggered specifically by rule xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons

Comment 8 Jan Černý 2019-05-13 09:24:57 UTC
*** Bug 1676894 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.