Fix file_permissions_unauthorized_sgid #12602

Merged

jan-cerny
Collaborator

Fix rule file_permissions_unauthorized_sgid for bootable containers. We will filter out the /sysroot directory from our scan because it contains only the physical root and not the real file system.

See:
https://containers.github.io/bootc/filesystem-sysroot.html#sysroot-mount

jan-cerny added the labels "OVAL" (OVAL update. Related to the systems assessments.) and "Image Mode" (Bootable containers and Image Mode RHEL) Nov 12, 2024
jan-cerny added this to the 0.1.76 milestone Nov 12, 2024
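
The filtering described in the pull request text, as an added example (not the project's OVAL check and not code from this pull request): a `find`-based SGID scan that prunes `sysroot` under the scan root. The function names, the constructed sample tree, and the reading of "unauthorized" as "not owned by any RPM package" are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: not the project's OVAL check or remediation.

# Print regular files under ROOT that carry the SGID bit, pruning ROOT/sysroot
# (the physical root on a bootc system) so its contents are never visited.
list_sgid_files() {
    local root="${1%/}"
    find "${root:-/}" -path "${root}/sysroot" -prune -o \
        -type f -perm -2000 -print 2>/dev/null | sort
}

# The same scan without the prune, to show what the filter removes.
list_sgid_files_unfiltered() {
    local root="${1%/}"
    find "${root:-/}" -type f -perm -2000 -print 2>/dev/null | sort
}

# Report SGID files that no RPM package owns (requires rpm on the host).
# Assumption: "unauthorized" means unpackaged, as the test script names
# quoted on this page suggest.
list_unpackaged_sgid() {
    local f
    list_sgid_files "$1" | while IFS= read -r f; do
        rpm -qf "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# Constructed sample tree: one SGID file in the real file system, the same
# file again below sysroot/, and one file without the SGID bit.
demo_tree() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/usr/bin" "$d/sysroot/ostree/deploy/usr/bin"
    touch "$d/usr/bin/tool" "$d/usr/bin/plain" \
          "$d/sysroot/ostree/deploy/usr/bin/tool"
    chmod 2755 "$d/usr/bin/tool" "$d/sysroot/ostree/deploy/usr/bin/tool"
    chmod 0755 "$d/usr/bin/plain"
    printf '%s\n' "$d"
}
```

On the sample tree the unfiltered scan reports the SGID file twice, once under `sysroot/`, while the pruned scan reports it once.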

codeclimate bot commented Nov 12, 2024

Code Climate has analyzed commit 86b165e and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

Mab879 self-assigned this Nov 12, 2024

Member

Mab879 commented Nov 12, 2024

Automatus passes locally.

$ ./automatus.py rule --libvirt qemu:///system automatus_rhel9_4 --datastream ../build/ssg-rhel9-ds.xml --remediate-using bash file_permissions_unauthorized_sgid
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/mburket/Developer/github.com/ComplianceAsCode/content/tests/logs/rule-custom-2024-11-12-1231/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_sgid
INFO - Script no_unpackaged_sgid.pass.sh using profile (all) OK
INFO - Script unpackaged_sgid.fail.sh using profile (all) OK

@Mab879 Mab879 merged commit d77f338 into ComplianceAsCode:master Nov 12, 2024
99 of 105 checks passed