RHEL-55251

OpenSCAP evaluates all rules as notapplicable when building bootc image

    • Bug
    • Resolution: Unresolved
    • rhel-9.6
    • rhel-9.4
    • openscap
    • rhel-sst-security-compliance
    • ssg_security

      What were you trying to do that didn't work?

      When building a bootc image, I run a STIG profile evaluation using oscap during the build, but the result of all rules is notapplicable.

      This would be a big obstacle if I wanted to run remediation.

      Please provide the package NVR for which bug is seen:

      openscap-1:1.3.10-2.el9_3.x86_64

      scap-security-guide-0.1.73-1.el9_4.noarch

      podman-5.2.0-1.fc40.x86_64

      How reproducible:

      deterministic

      Steps to reproduce

      1. Create a Containerfile
      2. Run: podman build -t pokus .

      Containerfile:

      FROM rhel9/rhel-bootc
      RUN dnf -y install scap-security-guide openscap-scanner
      RUN oscap xccdf eval --profile stig --results-arf arf.xml /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

       

      You can also reproduce it on Fedora hosts, as the bug is in the container.

      Expected results

      Rules that are applicable are evaluated with appropriate results, i.e. pass or fail.

      Actual results

      All rules are evaluated as notapplicable.

              jcerny@redhat.com Jan Cerny
              SSG Security QE
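
A build-time guard for the symptom reported above, as an added example that is not part of the original report or of OpenSCAP: it counts the XCCDF `rule-result` values in the file written by `--results-arf` and exits non-zero when every selected rule is `notapplicable`, so a scan that evaluated nothing cannot pass unnoticed. The sample XML is constructed, its ARF wrapper is simplified, and the ids in it are placeholders.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: simplified ARF wrapper around an XCCDF 1.2 TestResult.
# Ids are placeholders, not real SSG rule ids.
SAMPLE_ALL_NA = """\
<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
    xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="constructed_test_result">
    <rule-result idref="constructed_rule_a"><result>notapplicable</result></rule-result>
    <rule-result idref="constructed_rule_b"><result>notapplicable</result></rule-result>
    <rule-result idref="constructed_rule_c"><result>notselected</result></rule-result>
  </TestResult>
</arf:asset-report-collection>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def count_results(xml_data):
    """Return a Counter of XCCDF result values over all rule-result elements."""
    counts = Counter()
    for elem in ET.fromstring(xml_data).iter():
        if _local(elem.tag) != "rule-result":
            continue
        for child in elem:
            if _local(child.tag) == "result":
                counts[(child.text or "").strip()] += 1
    return counts


def scan_was_vacuous(counts):
    """True when no selected rule produced anything but notapplicable."""
    selected = sum(n for value, n in counts.items() if value != "notselected")
    return selected == 0 or counts["notapplicable"] == selected


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:  # path to arf.xml
        totals = count_results(fh.read())
    print(dict(totals))
    sys.exit(1 if scan_was_vacuous(totals) else 0)
```

Rules outside the profile are reported as `notselected`, so they are excluded before deciding whether the scan checked anything.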