Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL7 and RHEL9 CIS Kickstarts don't configure partition for /dev/shm #10274

Closed
yuumasato opened this issue Mar 1, 2023 · 0 comments · Fixed by #10286
Closed

RHEL7 and RHEL9 CIS Kickstarts don't configure partition for /dev/shm #10274

yuumasato opened this issue Mar 1, 2023 · 0 comments · Fixed by #10286
Assignees
@Mab879
Labels
CIS CIS Benchmark related. productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. RHEL9 Red Hat Enterprise Linux 9 product related.
Milestone
0.1.67

Comments

@yuumasato
Copy link
Member

Description of problem:

Kickstart install with CIS Level 2 (Workstation and Server) fails:

�[1;23r�[H�[23;1HSetting up the installation environment
�[1;24r�[H�[23;1H[   44.104964] anaconda[1450]: Traceback (most recent call last):

  File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 227, in run
    threading.Thread.run(self, *args, **kwargs)

  File "/usr/lib64/python2.7/threading.py", line 765, in run
    self.__target(*self.__args, **self.__kwargs)

  File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 186, in doInstall
    ksdata.addons.setup(storage, ksdata, instClass, payload)

  File "/usr/lib64/python2.7/site-packages/pyanaconda/addons.py", line 99, in setup
    v.setup(storage, ksdata, instClass, payload)

  File "/usr/share/anaconda/addons/org_fedora_oscap/ks/oscap.py", line 483, in setup
    raise errors.CmdlineError(msg)

CmdlineError: Wrong configuration detected!
/dev/shm must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
The installation should be aborted. Do you wish to continue anyway?
[   44.598659] anaconda[1450]: Thread Done: AnaInstallThread (140084418205440)
[   44.965327] anaconda[1450]: Traceback (most recent call last):

  File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 227, in run
    threading.Thread.run(self, *args, **kwargs)

  File "/usr/lib64/python2.7/threading.py", line 765, in run
    self.__target(*self.__args, **self.__kwargs)

  File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 186, in doInstall
    ksdata.addons.setup(storage, ksdata, instClass, payload)

  File "/usr/lib64/python2.7/site-packages/pyanaconda/addons.py", line 99, in setup
    v.setup(storage, ksdata, instClass, payload)

  File "/usr/share/anaconda/addons/org_fedora_oscap/ks/oscap.py", line 483, in setup
    raise errors.CmdlineError(msg)

CmdlineError: Wrong configuration detected!
/dev/shm must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
The installation should be aborted. Do you wish to continue anyway?
�[1;23r�[H�[23;1H
The installation was stopped due to an error which occurred while running in non-interactive cmdline mode. Since there cannot be any questions in cmdline mode, edit your kickstart file and retry installation. 
The exact error message is: 

Wrong configuration detected!
/dev/shm must be on a separate partition or logical volume and has to be created in the partitioning layout before installation can occur with a security profile
The installation should be aborted. Do you wish to continue anyway?. 

The installer will now terminate.

SCAP Security Guide Version:

Upstream as of 2ce85d7

Operating System Version:

RHEL 7 and RHEL9

Steps to Reproduce:

Example command to reproduce:

  1. virt-install --name=test_suite_vm --memory=4096 --vcpus=2 --hvm --network bridge=virbr0 --disk path=,size=20 --location --initrd-inject ssg-rhel7-cis-ks.cfg --wait 0 --graphics vnc --extra-args "ks=file:/ssg-rhel7-cis-ks.cfg ksdevice=eth0 console=ttyS0 inst.cmdline notmux systemd.journald.forward_to_console=1" --noautoconsole'

Actual Results:

Kickstart install is aborted.

Expected Results:

Kickstart install finishes.

Additional Information/Debugging Steps:

Probable related change: #10239

The RHEL7 and RHEL9 Kickstart files need be updated.
https://github.com/ComplianceAsCode/content/tree/master/products/rhel7/kickstart
@yuumasato yuumasato added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. RHEL7 Red Hat Enterprise Linux 7 product related. CIS CIS Benchmark related. labels Mar 1, 2023
@Mab879 Mab879 self-assigned this Mar 6, 2023
@Mab879 Mab879 added this to the 0.1.67 milestone Mar 6, 2023
@Mab879 Mab879 mentioned this issue Mar 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
CIS CIS Benchmark related. productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. RHEL9 Red Hat Enterprise Linux 9 product related.
Projects
None yet
Milestone
0.1.67
Development

Successfully merging a pull request may close this issue.

Add /dev/shm to CIS Kickstarts Mab879/content
2 participants
@Mab879 @yuumasato