Re: [Open-scap] Anaconda Addon and Tail

Mon, 20 Mar 2017 02:55:27 -0700 

Hello,

----- Original Message -----
> From: spammewo...@cox.net
> To: open-scap-list@redhat.com
> Sent: Friday, March 17, 2017 6:09:43 PM
> Subject: [Open-scap] Anaconda Addon and Tail
> 
> I am trying to create a kickstart file for a custom RHEL 7.3 DVD and I want
> to use the Anaconda oscap addon.    The addon works well with the default
> setting,  but I'm having an issue using it with a tailored file that I
> created through the openscap workbench.    I am getting the error messages
> "OpenSCAP Error: Unable to open file:
> /run/install/repo/scap/ssg-rhel7-ds.xml [scap_source.c264]"  and
> "Unrecognized document type for /run/install/repo/scap/ssg-rhel7-ds.xml
> {oscap_source.c307]"

I am guessing the issue is there, because OAA tries to open wrong /
non-existent file (it tries "/run/install/repo/scap/ssg-rhel7-ds.xml"
instead of "../../../../run/install/repo/scap/ssg-rhel7-ds.xml")

> 
> Here is the addon section from my kickstart file.
> 
> %addon org_fedora_oscap
>     content-type = scap-security-guide
>     profile = stig-rhel7-workstation-upstream
>     tailoring-path = ../../../../run/install/repo/scap/ssg-rhel7-ds.xml
> %end
> 
> Does anyone know what I'm doing wrong ?

AFAICT in the default installation, anaconda creates chroot and mounts
"/mnt/sysimage" as "/". If you want to use DS file outside of chroot, simple
"reference to parent folder" won't work. You either first need to copy that DS
file under the chroot tree. Something like here:
  
http://www.smorgasbork.com/2012/01/04/building-a-custom-centos-7-kickstart-disc-part-4/

IOW have the %post section to have two stages (in first copy the DS file, in the
latter use it).

Another option is to put that DS file on some remotely accessible HTTP server,
and tell OAA to fetch that DS file remotely (this might be actually easier 
option
that modifying the %post section).

> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
> 

HTH, Jan

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to