Running newer versions of ocap in remediation-mode will horribly break a system if one doesn't ensure that suitable fapolicyd rule-files are present when oscap enables "default-deny" mode. This modification necessary to due some questionable logical-assumptions in Red Hat's installation-routines for the fapolicyd RPM.
Running newer versions of
ocapin remediation-mode will horribly break a system if one doesn't ensure that suitablefapolicydrule-files are present whenoscapenables "default-deny" mode. This modification necessary to due some questionable logical-assumptions in Red Hat's installation-routines for thefapolicydRPM.Closes #484