Description of problem:
The security profile "Protection Profile for General Purpose Operating Systems" excludes nfs-utils which prevents Server with GUI being installed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Apply "Protection Profile for General Purpose Operating Systems"
2. Select Server with GUI
Installation fails with:
Problem: package libvirt-daemon-kvm-4.5.0-35.module+el8.1.0+4227+b2722cb3.x86_64 requires libvirt-daemon-driver-qemu = 4.5.0-35.module+el8.1.0+4227+b2722cb3, but none of the providers can be installed
- package libvirt-daemon-driver-qemu-4.5.0-35.module+el8.1.0+4227+b2722cb3.x86_64 requires libvirt-daemon-driver-storage-core = 4.5.0-35.module+el8.1.0+4227+b2722cb3, but none of the providers can be installed
- package gnome-boxes-3.28.5-7.el8.x86_64 requires libvirt-daemon-kvm, but none of the providers can be installed
- package libvirt-daemon-driver-storage-core-4.5.0-35.module+el8.1.0+4227+b2722cb3.x86_64 requires nfs-utils, but none of the providers can be installed
- conflicting requests
- package nfs-utils-1:2.3.3-26.el8.x86_64 is excluded
Either a clear warning that the Server with GUI can not be installed
Or remove the option to select it all together
This seems like an OSCAP Anaconda addon option. Switching to OSCAP for further triage.
We made preliminary analysis:
As OSCAP Anaconda Addon allows custom content to be used, there is no simple way of testing it before release, and ensuring there's no conflict. Let's assume the environments do not have conflicts within themselves, and that is tested before the release. That means if the conflict arise, it's most likely because of restrictions imposed by the selected Security policy. Therefore there are some approaches how to make this issue less painful for the users:
* Document somewhere within OAA, when packages are being removed, that there is a risk the installation will fail due to the conflict. We cannot specify which environments will fail, so the warning would have to be shown every time.
** There might be added an option to mark "risky" packages, or in reverse, mark packages that are not likely to cause conflicts, to make information more targeted
* Have environment restrictions part of the profile description (won't cover custom content)
* Look into the requirement, and challenge the need to force removal of nfs-utils
Removed the Feature keyword, as this is not a feature, but rather a bugfix.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (oscap-anaconda-addon bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
Hi Lucie, just confirmed with @matyc and the doc text is current. Nothing has changed since the doc text was published.