On 05/06/2014 05:53 AM, Shawn Wells wrote:
In short, I'm actually getting an OpenSCAP error from your code (which
takes ~8-10min to occur on a 2GB, 2x1.7GHz VM across a 2.5GB filesystem!):
$ ./testcheck.py file_permissions_ungroupowned.xml
Evaluating with OVAL tempfile :
/tmp/file_permissions_ungroupownedJB4bvk.xml
Writing results to : /tmp/file_permissions_ungroupownedJB4bvk.xml-results
OpenSCAP Error: Unable to close probe sd [oval_probe_ext.c:565]
(1) If I run the existing OVAL, it fails within a few seconds.
(2) If I then run your patch, it errors after 8-10min as shown above.
(3) If I then re-run the existing OVAL, I get the same OpenSCAP error.
(4) If I then reboot, I can re-run the existing OVAL, but still get the
OpenSCAP error on your code.
Looping in our allies within the OpenSCAP community. Peter/Martin/Simon,
any idea what could cause the OpenSCAP error?
That is when OpenSCAP library fails to close SEAP handler to the
collecting OVAL probe. In the past I have seen omkiller kicking probes
when evaluating poorly written content.
--
Simon Lukasik
Security Technologies, Red Hat, Inc.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
