1640522 – SELinux Security Context probe produces a flood of annoying messages

Bug 1640522 - SELinux Security Context probe produces a flood of annoying messages

Summary: SELinux Security Context probe produces a flood of annoying messages

Keywords:
Status:	POST
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openscap
Sub Component:
Version:	7.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Černý
QA Contact:	BaseOS QE Security Team
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Duplicates (1):	1676894 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-18 09:26 UTC by Jan Černý
Modified:	2019-12-04 16:29 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	OpenSCAP scanner results contain a lot of SELinux context error messages The OpenSCAP scanner logs inability to get SELinux context on the "ERROR" level even in situations where it is not a true error. As a result, OpenSCAP scanner results contain a lot of SELinux context error messages. Both the oscap command-line utility and the SCAP Workbench graphical utility outputs can be hard to read for that reason.
Clone Of:
Environment:
Last Closed:
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jan Černý 2018-10-18 09:26:54 UTC

Description of problem:
SELinux Security Context probe produces a flood of annoying messages
that look like this:

Can't get context ...

This makes the output hard to orient in.

Version-Release number of selected component (if applicable):
openscap-1.2.17

How reproducible:
always

Steps to Reproduce:
1.oscap xccdf eval --oval-results --report xccdf_org.ssgproject.content_profile_ospp42-draft.html --progress --profile xccdf_org.ssgproject.content_profile_ospp42-draft /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
2. see the stderr
3.

Actual results:
A lot of "Can't get context" messages are written on stderr.

Expected results:
These messages are displayed only in DEVEL verbosity level.

Additional info:

Comment 2 Jan Černý 2018-10-18 09:27:21 UTC

This was fixed upstream in https://github.com/OpenSCAP/openscap/pull/1222

Comment 3 Marek Haicman 2018-10-18 11:17:16 UTC

Just a note (for testing purposes) this is triggered specifically by rule xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons

Comment 8 Jan Černý 2019-05-13 09:24:57 UTC

*** Bug 1676894 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.