From db4629ef68a6d080109d2f69db89b2954b0e9121 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Tue, 26 Jan 2021 12:22:11 +0200
Subject: [PATCH] ocp4: openvswitch's conf.db and lock are now owned by a different group
This updates the appropriate rules to reflect a recent change in openvswitch that changes the group ownership of the aforementioned files. This was hitting CI.
Signed-off-by: Juan Antonio Osorio Robles
---
 .../openshift/master/file_groupowner_ovs_conf_db/rule.yml | 8 ++++----
 .../master/file_groupowner_ovs_conf_db_lock/rule.yml | 8 ++++----
 .../master/file_groupowner_ovs_sys_id_conf/rule.yml | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db/rule.yml
index 61f56da2172..44a001b8342 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db/rule.yml
@@ -5,7 +5,7 @@ prodtype: ocp4
 title: 'Verify Group Who Owns The Open vSwitch Configuration Database'
 description: |-
- {{{ describe_file_group_owner(file="/etc/openvswitch/conf.db", group="openvswitch") }}}
+ {{{ describe_file_group_owner(file="/etc/openvswitch/conf.db", group="hugetlbfs") }}}
 rationale: |-
 CNI (Container Network Interface) files consist of a specification and libraries for
@@ -21,13 +21,13 @@ identifiers:
 references:
 cis: 1.1.9
-ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/conf.db", group="openvswitch") }}}'
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/conf.db", group="hugetlbfs") }}}'
 ocil: |-
- {{{ ocil_file_group_owner(file="/etc/openvswitch/conf.db", group="openvswitch") }}}
+ {{{ ocil_file_group_owner(file="/etc/openvswitch/conf.db", group="hugetlbfs") }}}
 template:
 name: file_groupowner
 vars:
 filepath: /etc/openvswitch/conf.db
- filegid: '800'
+ filegid: '801'
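Review bot: The new `group="hugetlbfs"` in the description tells an auditor that `/etc/openvswitch/conf.db` should be owned by a group that is not dedicated to Open vSwitch, and the rule text gives no reason for that. With a shared group, a passing result says less about who can reach the database than it did with a dedicated `openvswitch` group. The effective restriction presumably rests on the file's mode bits, which this rule does not check. Consider adding a sentence to the rationale stating that the openvswitch packaging assigns this group and that group access is bounded by the file-permission check, if the profile has one. The rationale block continues outside this hunk, and the same applies to the lock and system-id.conf rules.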
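Review bot: The expected group is pinned twice in unrelated forms, as the name `hugetlbfs` in the OCIL macros and as the bare number in `filegid: '801'`, and nothing in the rule ties the two together. The template presumably compares only the numeric GID, so a node where `hugetlbfs` resolves to a different GID, or one still carrying the older openvswitch build with the previous group, would get a result that contradicts the description. A comment above the value would make the coupling reviewable, e.g. `# 801 is expected to be the GID of hugetlbfs on the node image; was 800 (openvswitch) before the packaging change`. The same `filegid` change is made in the conf.db lock and system-id.conf rules.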
diff --git a/applications/openshift/master/file_groupowner_ovs_conf_db_lock/rule.yml b/applications/openshift/master/file_groupowner_ovs_conf_db_lock/rule.yml
index a5421dee30a..c38db07b245 100644
--- a/applications/openshift/master/file_groupowner_ovs_conf_db_lock/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_conf_db_lock/rule.yml
@@ -5,7 +5,7 @@ prodtype: ocp4
 title: 'Verify Group Who Owns The Open vSwitch Configuration Database Lock'
 description: |-
- {{{ describe_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="openvswitch") }}}
+ {{{ describe_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="hugetlbfs") }}}
 rationale: |-
 CNI (Container Network Interface) files consist of a specification and libraries for
@@ -21,13 +21,13 @@ identifiers:
 references:
 cis: 1.1.9
-ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="openvswitch") }}}'
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="hugetlbfs") }}}'
 ocil: |-
- {{{ ocil_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="openvswitch") }}}
+ {{{ ocil_file_group_owner(file="/etc/openvswitch/.conf.db.~lock~", group="hugetlbfs") }}}
 template:
 name: file_groupowner
 vars:
 filepath: /etc/openvswitch/.conf.db.~lock~
- filegid: '800'
+ filegid: '801'
diff --git a/applications/openshift/master/file_groupowner_ovs_sys_id_conf/rule.yml b/applications/openshift/master/file_groupowner_ovs_sys_id_conf/rule.yml
index b4b32c1d412..052a2a383f4 100644
--- a/applications/openshift/master/file_groupowner_ovs_sys_id_conf/rule.yml
+++ b/applications/openshift/master/file_groupowner_ovs_sys_id_conf/rule.yml
@@ -5,7 +5,7 @@ prodtype: ocp4
 title: 'Verify Group Who Owns The Open vSwitch Persistent System ID'
 description: |-
- {{{ describe_file_group_owner(file="/etc/openvswitch/system-id.conf", group="openvswitch") }}}
+ {{{ describe_file_group_owner(file="/etc/openvswitch/system-id.conf", group="hugetlbfs") }}}
 rationale: |-
 CNI (Container Network Interface) files consist of a specification and libraries for
@@ -21,13 +21,13 @@ identifiers:
 references:
 cis: 1.1.9
-ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/system-id.conf", group="openvswitch") }}}'
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/openvswitch/system-id.conf", group="hugetlbfs") }}}'
 ocil: |-
- {{{ ocil_file_group_owner(file="/etc/openvswitch/system-id.conf", group="openvswitch") }}}
+ {{{ ocil_file_group_owner(file="/etc/openvswitch/system-id.conf", group="hugetlbfs") }}}
 template:
 name: file_groupowner
 vars:
 filepath: /etc/openvswitch/system-id.conf
- filegid: '800'
+ filegid: '801'
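Review bot: The commit message names only conf.db and its lock as having changed group, yet this rule also moves `/etc/openvswitch/system-id.conf` to `hugetlbfs` and `filegid: '801'`. If that file's ownership did not change with the openvswitch update, the rule will now report compliant nodes as failing. If it did change, the commit description should list it so the expected state is traceable. It would be worth confirming the actual group on a current node and recording it in a comment next to the value, e.g. `# verified on node image: system-id.conf is root:hugetlbfs`.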