[Open-scap] Using the mount_options within partition_state

Sven Vermeulen sven.vermeulen at siphos.be
Sun Oct 30 18:45:20 UTC 2011


I'm trying to get a test working to validate if two mount options are given
(for instance, ensure that /tmp is mounted with nosuid and noexec). This
works nicely when I use a generic textfilecontent54_state expression, but
I'd like to use the partition_state information.

However, I fail to be able to select the proper mount_options and I'm not
sure how to proceed. The following is what I hope to achieve:

  <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:10001" version="1" comment="The file system is tmpfs">
    <lin-def:fs_type>TMPFS_MAGIC</lin-def:fs_type>
    <lin-def:mount_options>nosuid</lin-def:mount_options>
    <lin-def:mount_options>noexec</lin-def:mount_options>
  </lin-def:partition_state>

Now, I am aware that the schema doesn't allow multiple mount_options to be
declared, although this is of course the case with most partitions (that
multiple mount options are declared). But even using a single option to test
(nosuid) still gives a failure.

So, unless someone knows how to handle the mount_options variable...

Is there a way for OpenSCAP to show why a failure occurred (rather than just
that the test failed)? If I pull a report using oscap (the oval results)
then it shows the state as having multiple "mount options" (including nosuid
and noexec, but also "rw" and such).

It would be nice if it showed something like:

  "Result: fail"
  "Reason: Got '{rw},{nosuid},{noexec}', expected 'nosuid'"

Wkr,
	Sven Vermeulen
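
An added example, not part of the original message and not OpenSCAP code: a small Python model of comparing one expected value against an item that carries several mount_options values, returning a result and a reason in the form asked for above. It assumes OVAL's entity_check attribute, whose default of "all" requires every collected value to match; the function names and the sample mount table are constructed for illustration.

```python
# Added example: models how an OVAL state entity is compared against an item
# that carries several mount_options values. Sample data is constructed.

SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda1 / ext4 rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
tmpfs /run tmpfs rw,nosuid 0 0
"""

def mount_options(mounts_text, mount_point):
    """Return the option list of the last entry mounted on mount_point."""
    options = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mount_point:
            options = fields[3].split(",")  # later mounts shadow earlier ones
    return options

def entity_check(item_values, expected, check="all"):
    """Compare every collected value with `expected` and combine the
    per-value results the way OVAL's entity_check attribute does."""
    matches = sum(1 for value in item_values if value == expected)
    if check == "all":
        return matches == len(item_values)
    if check == "at least one":
        return matches >= 1
    if check == "only one":
        return matches == 1
    if check == "none satisfy":
        return matches == 0
    raise ValueError("unknown check: %s" % check)

def evaluate(mounts_text, mount_point, required, check="at least one"):
    """Return (result, reason) for a mount point and its required options."""
    got = mount_options(mounts_text, mount_point)
    if got is None:
        return "error", "%s is not mounted" % mount_point
    failed = [opt for opt in required if not entity_check(got, opt, check)]
    if failed:
        shown = ",".join("{%s}" % opt for opt in got)
        return "fail", "Got '%s', expected '%s' (check=%s)" % (
            shown, ",".join(failed), check)
    return "pass", "all required options present"
```

With check="all", a single expected value of nosuid fails against rw,nosuid,noexec because rw and noexec do not equal it; with check="at least one", each required option is tested for presence on its own.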



