Description of problem:
I am unable to log in to a system that has been built with image-builder and remediated using the anssi enhanced profile, the anssi high profile or the anssi intermediary profile - all three profiles produce the same SELinux error.

Version-Release number of selected component (if applicable):
0.1.63

How reproducible:

Steps to Reproduce:
1. Using osbuild-composer to build an image on-prem, create a blueprint with the following customizations:

    [customizations.openscap]
    profile_id = "bp28_enhanced" # or bp28_high or bp28_intermediary
    datastream = "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml"

2. Once the image has been built, boot it up and attempt login

Actual results:
User is unable to log into the system

Expected results:
User is able to log into the system

Additional info:
The session starts and the user is logged out with the message:

    Cannot make/remove an entry for the specified session

Upstream issue: https://github.com/ComplianceAsCode/content/issues/9536

We modified the CaC content in a way that it won't try to enable polyinstantiated directories. It requires a certain state of SELinux booleans and we can't change these values in the IB pipeline.

https://github.com/ComplianceAsCode/content/pull/10117
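
An added example, not part of the report or of the CaC content: a check for the mismatch the comment above describes, where a PAM session stack sets up polyinstantiated directories while the SELinux boolean they depend on is off. It assumes polyinstantiation is configured through pam_namespace.so and that the boolean in question is polyinstantiation_enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: polyinstantiation is wired in via pam_namespace.so
# and depends on the SELinux boolean polyinstantiation_enabled.

# pam_namespace_active DIR: succeed if any PAM service file directly under DIR
# has an uncommented "session" line that loads pam_namespace.so.
pam_namespace_active() {
    grep -Eqs '^[[:space:]]*-?session[[:space:]]+.*pam_namespace\.so' "$1"/*
}

# sebool_state [NAME]: print "on" or "off" for the boolean, or "unknown" when
# getsebool is missing or SELinux is disabled.
sebool_state() {
    name=${1:-polyinstantiation_enabled}
    state=""
    if command -v getsebool >/dev/null 2>&1; then
        # getsebool prints e.g. "polyinstantiation_enabled --> off"
        state=$(getsebool "$name" 2>/dev/null | awk '{print $3}')
    fi
    echo "${state:-unknown}"
}

# check_polyinst DIR STATE: classify the combination.
#   returns 0 when consistent, 1 on mismatch, 2 when the boolean is unreadable.
check_polyinst() {
    dir=$1
    state=$2
    if ! pam_namespace_active "$dir"; then
        echo "OK: pam_namespace.so is not in any session stack"
        return 0
    fi
    case "$state" in
        on)  echo "OK: pam_namespace.so enabled and boolean is on"; return 0 ;;
        off) echo "MISMATCH: pam_namespace.so enabled but boolean is off"; return 1 ;;
        *)   echo "UNKNOWN: pam_namespace.so enabled, boolean state unreadable"; return 2 ;;
    esac
}

# Usage on a booted image (or against a mounted image root for the PAM part):
#   check_polyinst /etc/pam.d "$(sebool_state)"
```

Against a mounted image only the PAM half can be read; the boolean's runtime state has to be queried on the booted system.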