Blame SOURCES/scap-security-guide-0.1.51-fix_rpm_verify_permissions_conflict_PR_5770.patch

c862b5
From bb039a92b4286c9090c0f40c82aefb967be2f5ba Mon Sep 17 00:00:00 2001
c862b5
From: Vojtech Polasek <vpolasek@redhat.com>
c862b5
Date: Thu, 14 May 2020 16:46:07 +0200
c862b5
Subject: [PATCH] reorder groups because of permissions verification
c862b5
c862b5
---
c862b5
 ssg/build_yaml.py | 6 ++++++
c862b5
 1 file changed, 6 insertions(+)
c862b5
c862b5
diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py
c862b5
index e3e138283c..c9f3179c08 100644
c862b5
--- a/ssg/build_yaml.py
c862b5
+++ b/ssg/build_yaml.py
c862b5
@@ -700,6 +700,11 @@ def to_xml_element(self):
c862b5
         # audit_rules_privileged_commands, othervise the rule
c862b5
         # does not catch newly installed screeen binary during remediation
c862b5
         # and report fail
c862b5
+        # the software group should come before the
c862b5
+        # bootloader-grub2 group because of conflict between
c862b5
+        # rules rpm_verify_permissions and file_permissions_grub2_cfg
c862b5
+        # specific rules concerning permissions should
c862b5
+        # be applied after the general rpm_verify_permissions
c862b5
         # The FIPS group should come before Crypto - if we want to set a different (stricter) Crypto Policy than FIPS.
c862b5
         # the firewalld_activation must come before ruleset_modifications, othervise
c862b5
         # remediations for ruleset_modifications won't work
c862b5
@@ -707,6 +712,7 @@ def to_xml_element(self):
c862b5
         # otherwise the remediation prints error although it is successful
c862b5
         priority_order = [
c862b5
             "accounts", "auditing",
c862b5
+            "software", "bootloader-grub2",
c862b5
             "fips", "crypto",
c862b5
             "firewalld_activation", "ruleset_modifications",
c862b5
             "disabling_ipv6", "configuring_ipv6"