OCPBUGS-55180: Fix file groupowner oval template on OCP #13357

Vincent056 · 2025-04-17T15:29:50Z

We should use /usr/lib/group instead of /etc/group on OCP4

8000

This update adds two locations to check group id—one for /etc/group and one for /usr/lib/group—and combine them in a local_variable via set_operator="UNION". As a result, the rule will correctly resolve groups that are defined in either location.

OCPBUGS-55180

rhmdnd · 2025-04-17T15:34:51Z

This might be related: #13177

…group and /usr/lib/group This update adds two textfilecontent54_objects—one for /etc/group and one for /usr/lib/group—and unites them in a local_variable via set_operator="UNION". As a result, the rule will correctly resolve groups that are defined in either location.

Vincent056 · 2025-04-17T17:31:33Z

/test

openshift-ci · 2025-04-17T17:31:37Z

@Vincent056: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

/test 4.12-e2e-aws-ocp4-cis

/test 4.12-e2e-aws-ocp4-cis-node

/test 4.12-e2e-aws-ocp4-e8

/test 4.12-e2e-aws-ocp4-high

/test 4.12-e2e-aws-ocp4-high-node

/test 4.12-e2e-aws-ocp4-moderate

/test 4.12-e2e-aws-ocp4-moderate-node

/test 4.12-e2e-aws-ocp4-pci-dss

/test 4.12-e2e-aws-ocp4-pci-dss-4-0

/test 4.12-e2e-aws-ocp4-pci-dss-node

/test 4.12-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.12-e2e-aws-ocp4-stig

/test 4.12-e2e-aws-ocp4-stig-node

/test 4.12-e2e-aws-rhcos4-e8

/test 4.12-e2e-aws-rhcos4-high

/test 4.12-e2e-aws-rhcos4-moderate

/test 4.12-e2e-aws-rhcos4-stig

/test 4.12-images

/test 4.13-e2e-aws-ocp4-bsi

/test 4.13-e2e-aws-ocp4-bsi-node

/test 4.13-e2e-aws-ocp4-cis

/test 4.13-e2e-aws-ocp4-cis-node

/test 4.13-e2e-aws-ocp4-e8

/test 4.13-e2e-aws-ocp4-high

/test 4.13-e2e-aws-ocp4-high-node

/test 4.13-e2e-aws-ocp4-moderate

/test 4.13-e2e-aws-ocp4-moderate-node

/test 4.13-e2e-aws-ocp4-pci-dss

/test 4.13-e2e-aws-ocp4-pci-dss-4-0

/test 4.13-e2e-aws-ocp4-pci-dss-node

/test 4.13-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.13-e2e-aws-ocp4-stig

/test 4.13-e2e-aws-ocp4-stig-node

/test 4.13-e2e-aws-rhcos4-bsi

/test 4.13-e2e-aws-rhcos4-e8

/test 4.13-e2e-aws-rhcos4-high

/test 4.13-e2e-aws-rhcos4-moderate

/test 4.13-e2e-aws-rhcos4-stig

/test 4.13-images

/test 4.14-e2e-aws-ocp4-bsi

/test 4.14-e2e-aws-ocp4-bsi-node

/test 4.14-e2e-aws-ocp4-pci-dss-4-0

/test 4.14-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.14-e2e-aws-rhcos4-bsi

/test 4.14-images

/test 4.15-e2e-aws-ocp4-bsi

/test 4.15-e2e-aws-ocp4-bsi-node

/test 4.15-e2e-aws-ocp4-cis

/test 4.15-e2e-aws-ocp4-cis-node

/test 4.15-e2e-aws-ocp4-e8

/test 4.15-e2e-aws-ocp4-high

/test 4.15-e2e-aws-ocp4-high-node

/test 4.15-e2e-aws-ocp4-moderate

/test 4.15-e2e-aws-ocp4-moderate-node

/test 4.15-e2e-aws-ocp4-pci-dss

/test 4.15-e2e-aws-ocp4-pci-dss-4-0

/test 4.15-e2e-aws-ocp4-pci-dss-node

/test 4.15-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.15-e2e-aws-ocp4-stig

/test 4.15-e2e-aws-ocp4-stig-node

/test 4.15-e2e-aws-rhcos4-bsi

/test 4.15-e2e-aws-rhcos4-e8

/test 4.15-e2e-aws-rhcos4-high

/test 4.15-e2e-aws-rhcos4-moderate

/test 4.15-e2e-aws-rhcos4-stig

/test 4.15-e2e-rosa-ocp4-cis-node

/test 4.15-e2e-rosa-ocp4-pci-dss-node

/test 4.15-images

/test 4.16-e2e-aws-ocp4-bsi

/test 4.16-e2e-aws-ocp4-bsi-node

/test 4.16-e2e-aws-ocp4-cis

/test 4.16-e2e-aws-ocp4-cis-node

/test 4.16-e2e-aws-ocp4-e8

/test 4.16-e2e-aws-ocp4-high

/test 4.16-e2e-aws-ocp4-high-node

/test 4.16-e2e-aws-ocp4-moderate

/test 4.16-e2e-aws-ocp4-moderate-node

/test 4.16-e2e-aws-ocp4-pci-dss

/test 4.16-e2e-aws-ocp4-pci-dss-4-0

/test 4.16-e2e-aws-ocp4-pci-dss-node

/test 4.16-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.16-e2e-aws-ocp4-stig

/test 4.16-e2e-aws-ocp4-stig-node

/test 4.16-e2e-aws-rhcos4-bsi

/test 4.16-e2e-aws-rhcos4-e8

/test 4.16-e2e-aws-rhcos4-high

/test 4.16-e2e-aws-rhcos4-moderate

/test 4.16-e2e-aws-rhcos4-stig

/test 4.16-images

/test 4.17-e2e-aws-ocp4-bsi

/test 4.17-e2e-aws-ocp4-bsi-node

/test 4.17-e2e-aws-ocp4-cis

/test 4.17-e2e-aws-ocp4-cis-node

/test 4.17-e2e-aws-ocp4-e8

/test 4.17-e2e-aws-ocp4-high

/test 4.17-e2e-aws-ocp4-high-node

/test 4.17-e2e-aws-ocp4-moderate

/test 4.17-e2e-aws-ocp4-moderate-node

/test 4.17-e2e-aws-ocp4-pci-dss

/test 4.17-e2e-aws-ocp4-pci-dss-4-0

/test 4.17-e2e-aws-ocp4-pci-dss-node

/test 4.17-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.17-e2e-aws-ocp4-stig

/test 4.17-e2e-aws-ocp4-stig-node

/test 4.17-e2e-aws-rhcos4-bsi

/test 4.17-e2e-aws-rhcos4-e8

/test 4.17-e2e-aws-rhcos4-high

/test 4.17-e2e-aws-rhcos4-moderate

/test 4.17-e2e-aws-rhcos4-stig

/test 4.17-images

/test 4.18-e2e-aws-ocp4-bsi

/test 4.18-e2e-aws-ocp4-bsi-node

/test 4.18-e2e-aws-ocp4-cis

/test 4.18-e2e-aws-ocp4-cis-node

/test 4.18-e2e-aws-ocp4-e8

/test 4.18-e2e-aws-ocp4-high

/test 4.18-e2e-aws-ocp4-high-node

/test 4.18-e2e-aws-ocp4-moderate

/test 4.18-e2e-aws-ocp4-moderate-node

/test 4.18-e2e-aws-ocp4-pci-dss

/test 4.18-e2e-aws-ocp4-pci-dss-4-0

/test 4.18-e2e-aws-ocp4-pci-dss-node

/test 4.18-e2e-aws-ocp4-pci-dss-node-4-0

/test 4.18-e2e-aws-ocp4-stig

/test 4.18-e2e-aws-ocp4-stig-node

/test 4.18-e2e-aws-rhcos4-bsi

/test 4.18-e2e-aws-rhcos4-e8

/test 4.18-e2e-aws-rhcos4-high

/test 4.18-e2e-aws-rhcos4-moderate

/test 4.18-e2e-aws-rhcos4-stig

/test 4.18-images

/test e2e-aws-ocp4-bsi

/test e2e-aws-ocp4-bsi-node

/test e2e-aws-ocp4-cis

/test e2e-aws-ocp4-cis-arm

/test e2e-aws-ocp4-cis-node

/test e2e-aws-ocp4-cis-node-arm

/test e2e-aws-ocp4-e8

/test e2e-aws-ocp4-high

/test e2e-aws-ocp4-high-node

/test e2e-aws-ocp4-moderate

/test e2e-aws-ocp4-moderate-arm

/test e2e-aws-ocp4-moderate-node

/test e2e-aws-ocp4-moderate-node-arm

/test e2e-aws-ocp4-pci-dss

/test e2e-aws-ocp4-pci-dss-4-0

/test e2e-aws-ocp4-pci-dss-node

/test e2e-aws-ocp4-pci-dss-node-4-0

/test e2e-aws-ocp4-stig

/test e2e-aws-ocp4-stig-node

/test e2e-aws-rhcos4-bsi

/test e2e-aws-rhcos4-e8

/test e2e-aws-rhcos4-high

/test e2e-aws-rhcos4-moderate

/test e2e-aws-rhcos4-moderate-arm

/test e2e-aws-rhcos4-stig

/test images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-ComplianceAsCode-content-master-4.12-images

pull-ci-ComplianceAsCode-content-master-4.13-images

pull-ci-ComplianceAsCode-content-master-4.14-images

pull-ci-ComplianceAsCode-content-master-4.15-images

pull-ci-ComplianceAsCode-content-master-4.16-images

pull-ci-ComplianceAsCode-content-master-4.17-images

pull-ci-ComplianceAsCode-content-master-4.18-images

pull-ci-ComplianceAsCode-content-master-images

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Vincent056 · 2025-04-17T17:31:52Z

/test e2e-aws-ocp4-cis-node

codeclimate · 2025-04-17T17:59:46Z

Code Climate has analyzed commit aeea693 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

rhmdnd · 2025-04-17T18:51:31Z

/test e2e-aws-ocp4-cis-node
/test 4.12-images
/test 4.13-images
/test 4.14-images
/test 4.15-images
/test 4.16-images
/test 4.17-images
/test 4.18-images

Vincent056 · 2025-04-18T20:20:53Z

/test e2e-aws-ocp4-cis-node
/test 4.13-images

Vincent056 · 2025-04-18T20:23:10Z

retest, it was not able to setup the cluster

rhmdnd · 2025-04-22T17:28:06Z

/ok-to-test

rhmdnd

/lgtm

Vincent056 force-pushed the file-g branch from b6a8656 to 3b054ca Compare April 17, 2025 16:06

Vincent056 force-pushed the file-g branch from 3b054ca to aeea693 Compare April 17, 2025 17:31

Mab879 added this to the 0.1.77 milestone Apr 17, 2025

Mab879 added the Infrastructure Our content build system label Apr 17, 2025

Vincent056 requested a review from jan-cerny April 18, 2025 20:26

Vincent056 changed the title ~~OCP4: Fix file groupowner oval template~~ OCPBUGS-55180: Fix file groupowner oval template on OCP Apr 21, 2025

openshift-ci bot added the ok-to-test Used by openshift-ci bot. label Apr 22, 2025

rhmdnd approved these changes Apr 22, 2025

View reviewed changes

rhmdnd merged commit 5d2caff into ComplianceAsCode:master Apr 22, 2025
110 of 111 checks passed

jan-cerny assigned rhmdnd Apr 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OCPBUGS-55180: Fix file groupowner oval template on OCP #13357

OCPBUGS-55180: Fix file groupowner oval template on OCP #13357

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

OCPBUGS-55180: Fix file groupowner oval template on OCP #13357

OCPBUGS-55180: Fix file groupowner oval template on OCP #13357

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!