Bug
Resolution: Done-Errata
rhel-9.3.0
sst_security_compliance
ssg_security
Red Hat Enterprise Linux
x86_64
What were you trying to do that didn't work?
Selecting "Standard System Security Profile" during install fails with the following error:
/dev/shm must be on a separate partition or logical volume
The Anaconda installer is calling the following when applying this profile within the "SECURITY POLICY" spoke:
~~~
15:31:39,686 INF misc: OSCAP addon: Executing subprocess: 'oscap xccdf generate fix --template=urn:redhat:anaconda:pre --profile=xccdf_org.ssgproject.content_profile_cis_server_l1 --datastream-id=scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml --xccdf-id=scap_org.open-scap_cref_ssg-rhel9-xccdf.xml /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml'
~~~
Please provide the package NVR for which bug is seen:
RHEL 9.3 Binary DVD
~~~
# rpm -qa | grep scap
openscap-1.3.8-1.el9.x86_64
openscap-scanner-1.3.8-1.el9.x86_64
scap-security-guide-0.1.69-2.el9.noarch
~~~
Steps to reproduce:
1. Begin an installation using the 9.3 Binary DVD media
2. Leave all options to their default
3. Select the "SECURITY POLICY" menu option
4. Select "CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server" profile from the menu presented
5. Click the "Select profile" button
Actual results
The "Changes that were done or need to be done:" field returns
/dev/shm must be on a separate partition or logical volume
Expected results
No error returned. Especially not an error related to the /dev/shm interface. This is not a configured mount point, but is created/mounted by systemd internals.
Additional info:
The exact error being returned by oscap, which is translated by the installer, is the following:
~~~~
[anaconda root@unused /]# oscap xccdf generate fix --template=urn:redhat:anaconda:pre --profile=xccdf_org.ssgproject.content_profile_cis_server_l1 --datastream-id=scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml --xccdf-id=scap_org.open-scap_cref_ssg-rhel9-xccdf.xml /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml | grep shm
part /dev/shm
~~~~
- duplicates: RHEL-17386 Anaconda enforces creating a /dev/shm persistent filesystem, but then the system doesn't use it (Closed)
- is duplicated by: RHEL-21503 Anaconda write boggus option in fstab when specifying /dev/shm in kickstart file (Closed)
- relates to: RHEL-17386 Anaconda enforces creating a /dev/shm persistent filesystem, but then the system doesn't use it (Closed)
- links to: RHBA-2024:128049 scap-security-guide bug fix and enhancement update
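
The check below is an added example, not part of the original report and not Anaconda or OpenSCAP code. It reads the text produced by the `oscap xccdf generate fix --template=urn:redhat:anaconda:pre ...` command above and separates `part` requirements an installer can satisfy from those that name kernel- or systemd-managed virtual filesystems such as /dev/shm. The `API_FS_ROOTS` list, the function names and every sample line other than `part /dev/shm` are assumptions made for this illustration.

```python
import shlex
import sys
from pathlib import PurePosixPath

# Assumption of this example: mount points at or below these roots are
# virtual filesystems set up at boot, never a partition or logical volume.
API_FS_ROOTS = ("/dev", "/proc", "/sys", "/run")

# Constructed sample input; only "part /dev/shm" comes from the bug report.
SAMPLE_FIX_OUTPUT = """\
part /tmp
part /dev/shm
part /var/log --mountoptions=nodev
passwd --minlen=14
"""


def is_api_mount(mount_point):
    """Return True if mount_point is at or below a virtual filesystem root."""
    path = PurePosixPath(mount_point)
    roots = [PurePosixPath(r) for r in API_FS_ROOTS]
    return any(path == root or root in path.parents for root in roots)


def audit_part_requirements(fix_output):
    """Split 'part <mount>' lines into (enforceable, unsatisfiable) lists."""
    enforceable, unsatisfiable = [], []
    for line in fix_output.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            tokens = line.split()  # unbalanced quotes: fall back to plain split
        if len(tokens) < 2 or tokens[0] != "part":
            continue  # not a partition requirement
        mount = tokens[1]
        if not mount.startswith("/"):
            continue  # ignore anything that is not an absolute mount point
        target = unsatisfiable if is_api_mount(mount) else enforceable
        target.append(mount)
    return enforceable, unsatisfiable


if __name__ == "__main__":
    # Pipe real oscap output in, or run with no pipe to use the sample.
    text = SAMPLE_FIX_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    ok, bad = audit_part_requirements(text)
    print("enforceable at install time:", ok)
    print("virtual filesystem, cannot be a partition:", bad)
    sys.exit(1 if bad else 0)
```

The non-zero exit status when an unsatisfiable requirement is found lets the check gate a content build or a kickstart validation job.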