1640522 – SELinux Security Context probe produces a flood of annoying messages

Bug 1640522 - SELinux Security Context probe produces a flood of annoying messages

Summary: SELinux Security Context probe produces a flood of annoying messages

Status:	POST
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openscap
Sub Component:	(Show other bugs)
Version:	7.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Černý
QA Contact:	BaseOS QE Security Team
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-18 09:26 UTC by Jan Černý
Modified:	2018-11-22 12:26 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	OpenSCAP scanner results contain a lot of SELinux context error messages The OpenSCAP scanner logs inability to get SELinux context on the "ERROR" level even in situations where it is not a true error. As a result, OpenSCAP scanner results contain a lot of SELinux context error messages. Both the oscap command-line utility and the SCAP Workbench graphical utility outputs can be hard to read for that reason.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jan Černý 2018-10-18 09:26:54 UTC

Description of problem:
SELinux Security Context probe produces a flood of annoying messages
that look like this:

Can't get context ...

This makes the output hard to orient in.

Version-Release number of selected component (if applicable):
openscap-1.2.17

How reproducible:
always

Steps to Reproduce:
1.oscap xccdf eval --oval-results --report xccdf_org.ssgproject.content_profile_ospp42-draft.html --progress --profile xccdf_org.ssgproject.content_profile_ospp42-draft /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
2. see the stderr
3.

Actual results:
A lot of "Can't get context" messages are written on stderr.

Expected results:
These messages are displayed only in DEVEL verbosity level.

Additional info:

Comment 2 Jan Černý 2018-10-18 09:27:21 UTC

This was fixed upstream in https://github.com/OpenSCAP/openscap/pull/1222

Comment 3 Marek Haicman 2018-10-18 11:17:16 UTC

Just a note (for testing purposes) this is triggered specifically by rule xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons

Note You need to log in before you can comment on or make changes to this bug.