ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Backups in offline mode #10926

Open kingsleyzissou opened 1 year ago

kingsleyzissou commented 1 year ago

Share the context

We are currently updating our osbuild stage tests [1] and ran into an issue with the OpenSCAP remediation tests. The test basically creates an image with remediations and one without and compares the diff of the two images. We noticed that authselect was creating backups.

Description of problem:

The OpenSCAP offline remediation created backups for a freshly created image.

OS: Fedora-38

Version: scap-security-guide-0.1.68-1.fc38

Proposed change:

Backups for an already running system make sense; however, we were wondering if it makes sense to enable these for a freshly created image. Would it be possible to disable the backups in offline mode?

References:

  1. https://github.com/osbuild/osbuild/pull/1351

ggbecker commented 1 year ago

This unfortunately cannot be parameterized; the following code adds this backup feature:

https://github.com/ComplianceAsCode/content/blob/fa5de550a674f0e5f5dcc1badf7d4d238c555d90/shared/macros/10-bash.jinja#L1020-L1040

and

https://github.com/ComplianceAsCode/content/blob/fa5de550a674f0e5f5dcc1badf7d4d238c555d90/shared/macros/10-ansible.jinja#L816-L838

The only solution I see here is to remove this backup feature. Maybe @marcusburghardt has some other ideas.

marcusburghardt commented 1 year ago

Yes, we can update the macro to make the backup optional or even based on a conditional. I will take a look at this.

ggbecker commented 1 year ago

> Yes, we can update the macro to make the backup optional or even based on a conditional. I will take a look at this.

The question is, how are you going to control this via the remediation? I don't think we can do it just with the fact that the scanning runs in offline mode.

marcusburghardt commented 1 year ago

> > Yes, we can update the macro to make the backup optional or even based on a conditional. I will take a look at this.
>
> The question is, how are you going to control this via the remediation? I don't think we can do it just with the fact that the scanning runs in offline mode.

I don't know the details now, but it is something I expect to figure out when investigating the case.

marcusburghardt commented 1 year ago

Related: https://github.com/ComplianceAsCode/content/issues/10967