OpenSCAP / openscap-daemon

Manages continuous scans of your infrastructure
https://www.open-scap.org/tools/openscap-daemon
GNU Lesser General Public License v2.1

A false warning thrown by oscapd-evaluate in atomic scan #103

Closed jan-cerny closed 6 years ago

jan-cerny commented 7 years ago

When we run atomic scan, we don't have docker installed inside the openscap container 😬. Therefore the warning that container scanning is disabled is a false warning, because we actually scan a container; oscapd just doesn't know about it.

[root@thinkpad atomic]# atomic  scan --verbose a2d9f633eaab
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2017-06-06-14-08-22-857365:/scanin -v /var/lib/atomic/openscap/2017-06-06-14-08-22-857365:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro openscap-docker-testing oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
INFO:OpenSCAP Daemon one-off evaluator 0.1.7
WARNING:Can't import the 'docker' package. Container scanning functionality will be disabled.
...
...
mpreisler commented 6 years ago

The warning is confusing but it is technically correct.

https://www.youtube.com/watch?v=hou0lU8WMgo

mpreisler commented 6 years ago

Fixed by 05535ac8f0a07acbabe9147546999bd054050c90
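
In the log above, the warning is printed even though the only target is `chroots-in-dir:///scanin`, which does not need the `docker` package. The following is an added example, not openscap-daemon code and not the content of the referenced commit, of one way to emit such a warning only when a requested target actually depends on the missing package. The `docker-image://` and `docker-container://` scheme names and all function names are assumptions made for the illustration.

```python
import importlib
import logging

log = logging.getLogger("oscapd-example")

# Assumed target schemes that need the 'docker' Python package; only
# chroots-in-dir:// appears on this page.
DOCKER_SCHEMES = ("docker-image://", "docker-container://")


def needs_docker(targets):
    """Return the targets that can only be scanned through the docker package."""
    return [t for t in targets if t.startswith(DOCKER_SCHEMES)]


def load_docker(import_module=importlib.import_module):
    """Try to import 'docker'; return the module or None, without logging."""
    try:
        return import_module("docker")
    except ImportError:
        return None


def plan_scan(targets, import_module=importlib.import_module):
    """Split targets into scannable and skipped, warning only when relevant.

    Returns (scannable, skipped, warnings). A warning is produced only if at
    least one requested target needs docker and the import fails, so a run
    limited to chroots-in-dir:// targets stays quiet.
    """
    docker_targets = needs_docker(targets)
    warnings = []
    skipped = []
    if docker_targets and load_docker(import_module) is None:
        msg = ("Can't import the 'docker' package. Skipping %d target(s): %s"
               % (len(docker_targets), ", ".join(docker_targets)))
        log.warning(msg)
        warnings.append(msg)
        skipped = docker_targets
    scannable = [t for t in targets if t not in skipped]
    return scannable, skipped, warnings
```

Naming the skipped targets in the message lets an operator reading scan logs tell a real coverage gap from a run that never needed docker.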