Bug 1640522 - SELinux Security Context probe produces a flood of annoying messages
Summary: SELinux Security Context probe produces a flood of annoying messages
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap   
(Show other bugs)
Version: 7.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Černý
QA Contact: BaseOS QE Security Team
Mirek Jahoda
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-18 09:26 UTC by Jan Černý
Modified: 2018-11-22 12:26 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
*OpenSCAP* scanner results contain a lot of SELinux context error messages The *OpenSCAP* scanner logs inability to get SELinux context on the "ERROR" level even in situations where it is not a true error. As a result, *OpenSCAP* scanner results contain a lot of SELinux context error messages. Both the *oscap* command-line utility and the *SCAP Workbench* graphical utility outputs can be hard to read for that reason.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jan Černý 2018-10-18 09:26:54 UTC
Description of problem:
SELinux Security Context probe produces a flood of annoying messages
that look like this:

Can't get context ...

This makes the output hard to orient in.

Version-Release number of selected component (if applicable):
openscap-1.2.17

How reproducible:
always

Steps to Reproduce:
1.oscap xccdf eval --oval-results --report xccdf_org.ssgproject.content_profile_ospp42-draft.html --progress --profile xccdf_org.ssgproject.content_profile_ospp42-draft /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
2. see the stderr
3.

Actual results:
A lot of "Can't get context" messages are written on stderr.

Expected results:
These messages are displayed only in DEVEL verbosity level.

Additional info:

Comment 2 Jan Černý 2018-10-18 09:27:21 UTC
This was fixed upstream in https://github.com/OpenSCAP/openscap/pull/1222

Comment 3 Marek Haicman 2018-10-18 11:17:16 UTC
Just a note (for testing purposes) this is triggered specifically by rule xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons


Note You need to log in before you can comment on or make changes to this bug.