Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

templates/mount_option: Switch mount Ansible remediation module's state back to 'mounted' #10432

Merged
merged 1 commit into from
Apr 6, 2023
Merged

templates/mount_option: Switch mount Ansible remediation module's state back to 'mounted' #10432

merged 1 commit into from
Apr 6, 2023

Conversation

evgenyz
Copy link
Member

@evgenyz evgenyz commented Apr 6, 2023
edited
Loading

Description:

  • With the way the remediation works (a step for every option to check), it overwrites previously fixed /etc/fstab entry with obsolete data if the mount point is not re-mounted.
  • This might cause problems for offline systems, but we are not going to use Ansible for offline remediation. At least for now.

Rationale:

@evgenyz
templates/mount_option: Switch mount Ansible remediation module's state
858ff21 
back to 'mounted'

This might cause problems for offline systems, but we are not going
to use Ansible for offline remediation. At least for now.
@github-actions
Copy link

github-actions bot commented Apr 6, 2023

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@codeclimate
Copy link

codeclimate bot commented Apr 6, 2023

Code Climate has analyzed commit 858ff21 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.4% (0.0% change).

View more on Code Climate.

@evgenyz evgenyz added the bugfix Fixes to reported bugs. label Apr 6, 2023
@Mab879
Copy link
Member

Mab879 commented Apr 6, 2023

Can you please propose this to the stabilization branch as well?

@marcusburghardt marcusburghardt added this to the 0.1.67 milestone Apr 6, 2023
@marcusburghardt marcusburghardt self-assigned this Apr 6, 2023
@marcusburghardt marcusburghardt added the Ansible Ansible remediation update. label Apr 6, 2023
@marcusburghardt
Copy link
Member

marcusburghardt commented Apr 6, 2023
edited
Loading

I confirm the PR fixes both issues mentioned in the description:

rhel8 - mount_option_dev_shm_noexec - bash VM
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec
INFO - Script runtime.pass.sh using profile (all) OK
INFO - Script separate.pass.sh using profile (all) OK
INFO - Script fstab.fail.sh using profile (all) OK
INFO - Script no_partition.fail.sh using profile (all) OK

rhel8 - mount_option_dev_shm_noexec - ansible VM
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec
INFO - Script separate.pass.sh using profile (all) OK
INFO - Script fstab.fail.sh using profile (all) OK
INFO - Script runtime.pass.sh using profile (all) OK
INFO - Script no_partition.fail.sh using profile (all) OK

rhel8 - mount_option_var_log_audit_nosuid - bash VM
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nosuid
INFO - Script fstab.fail.sh using profile (all) OK
INFO - Script separate.pass.sh using profile (all) OK
INFO - Script runtime.pass.sh using profile (all) OK

rhel8 - mount_option_var_log_audit_nosuid - ansible VM
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - xccdf_org.ssgproject.content_rule_mount_option_var_log_audit_nosuid
INFO - Script fstab.fail.sh using profile (all) OK
INFO - Script separate.pass.sh using profile (all) OK
INFO - Script runtime.pass.sh using profile (all) OK

marcusburghardt
marcusburghardt approved these changes Apr 6, 2023
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Could you also propose it to the stabilization branch, please?

@Mab879 Mab879 mentioned this pull request Apr 6, 2023
Merged
@Mab879 Mab879 added the backported-into-stabilization PRs which were cherry-picked during stabilization process. label Apr 6, 2023
marcusburghardt added a commit that referenced this pull request Apr 6, 2023
@marcusburghardt
Merge pull request #10439 from Mab879/backport_10432
9c26f77 
Backport #10432
@marcusburghardt marcusburghardt merged commit 1ed1c82 into ComplianceAsCode:master Apr 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

@marcusburghardt marcusburghardt

Labels
Ansible Ansible remediation update. backported-into-stabilization PRs which were cherry-picked during stabilization process. bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.67
3 participants
@evgenyz @Mab879 @marcusburghardt