-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
rhel-9.3.0
-
None
-
None
-
Important
-
sst_security_compliance
-
ssg_security
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
What were you trying to do that didn't work?
Trying to install a system with CIS Level 2 selected as Security Profile, the installer starts complaining with requiring a partition for /dev/shm (see cisl2.png picture attached), first item in error.
After creating this file system and installation occurred, we can see that this /dev/shm mount point is present but not used anyway:
[root@localhost ~]# mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,seclabel,inode64)
[root@localhost ~]# grep /dev/shm /etc/fstab
/dev/mapper/rhel-dev_shm /dev/shm xfs defaults,nodev,noexec,nosuid 0 0
[root@localhost ~]# grep /dev/shm anaconda-ks.cfg
logvol /dev/shm --fstype="xfs" --size=1024 --name=dev_shm --vgname=rhel
Checking scap-security-guide sources, I cannot see enforcement of /dev/shm being a persistent file system, and IMHO this doesn't make sense having a persistent file system anyway since it's used for shared memory.
Please provide the package NVR for which bug is seen:
oscap-anaconda-addon-2.0.0-17.el9.noarch
How reproducible:
Always
Steps to reproduce
- Install a system with selecting "CIS ... Level 2 - Server" profile
- is duplicated by
-
RHEL-16801 Selecting "CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server" profile during RHEL 9.3 install fails
- Closed
- is related to
-
RHEL-16801 Selecting "CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server" profile during RHEL 9.3 install fails
- Closed