rhel8: Ignore new fapolicyd rule
A new rule has been introduced to openscap recently that breaks rhel8
runs. It seems too restrictive for our purposes, so let's ignore it.

Signed-off-by: Marcin Sobczyk <msobczyk@redhat.com>
tinez authored and michalskrivanek committed Mar 3, 2023
1 parent 819bfb4 commit 6da63ba
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions provision-base.sh
Expand Up @@ -68,6 +68,8 @@ if [ -s /root/ost_images_openscap_profile ]; then
ignored_oscap_rules+=(xccdf_org.ssgproject.content_rule_grub2_admin_username)
# Set Boot Loader Password in grub2 (not applicable for HE)
ignored_oscap_rules+=(xccdf_org.ssgproject.content_rule_grub2_password)
# Configure Fapolicy Module to Employ a Deny-all, Permit-by-exception Policy to Allow the Execution of Authorized Software Programs.
ignored_oscap_rules+=(xccdf_org.ssgproject.content_rule_fapolicy_default_deny)

# Based on https://github.com/ComplianceAsCode/content/blob/master/tests/ds_unselect_rules.sh
DS=ssg-rhel8-ds.xml
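
Review bot: The comment added above the `fapolicy_default_deny` entry only repeats the rule title and does not say why the rule is skipped, whereas the `grub2_password` entry just above it records a reason ("not applicable for HE"). Because this unselects a deny-all, permit-by-exception execution policy from the scan, the justification belongs in the comment itself: note that the rule breaks rhel8 runs and is considered too restrictive for this image, and ideally what would have to change for it to be re-enabled, so the exception can be revisited instead of staying in `ignored_oscap_rules` indefinitely.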