Do not create /root/openscap_data directory

In IB we put them right in the /root by default. Also, oscap_data does not follow XDG specs. As our Kickstart will become more complex we could run in race condition with it. The /root OTOH is always there.
jan-cerny · Jul 24, 2024 · 48b1043 · 48b1043
1 parent f39cff4
commit 48b1043
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c
@@ -1507,7 +1507,7 @@ static void _write_tailoring_to_fd(struct oscap_source *tailoring, int output_fd
 {
 	if (tailoring == NULL)
 		return;
-	_write_text_to_fd(output_fd, "cat >/root/openscap_data/tailoring.xml <<END_OF_TAILORING\n");
+	_write_text_to_fd(output_fd, "cat >/root/oscap_tailoring.xml <<END_OF_TAILORING\n");
 	oscap_source_to_fd(tailoring, output_fd);
 	_write_text_to_fd(output_fd, "END_OF_TAILORING\n");
 }
@@ -1517,17 +1517,16 @@ static int _generate_kickstart_post(struct kickstart_commands *cmds, const char
 	_write_text_to_fd(output_fd, "%post\n");
 	const char *fmt;
 	if (tailoring != NULL) {
-		fmt = "oscap xccdf eval --remediate --tailoring-file /root/openscap_data/tailoring.xml --results-arf /root/openscap_data/arf.xml --report /root/openscap_data/report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
+		fmt = "oscap xccdf eval --remediate --tailoring-file /root/oscap_tailoring.xml --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
 	} else {
-		fmt = "oscap xccdf eval --remediate --results-arf /root/openscap_data/arf.xml --report /root/openscap_data/report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
+		fmt = "oscap xccdf eval --remediate --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
 	}
 	char *dup = strdup(input_path);
 	char *basename = oscap_basename(dup);
 	free(dup);
 	char *oscap_command = oscap_sprintf(fmt, profile_id, basename);
 	free(basename);
 	_write_text_to_fd(output_fd, "# Perform OpenSCAP hardening (required for security compliance)\n");
-	_write_text_to_fd(output_fd, "mkdir -p /root/openscap_data\n");
 	_write_tailoring_to_fd(tailoring, output_fd);
 	_write_text_to_fd_and_free(output_fd, oscap_command);
 	struct oscap_iterator *post_it = oscap_iterator_new(cmds->post);

diff --git a/tests/API/XCCDF/unittests/test_remediation_kickstart.sh b/tests/API/XCCDF/unittests/test_remediation_kickstart.sh
@@ -27,9 +27,9 @@ function test_tailoring {
 
     grep -q 'services --enabled=auditd,rsyslog' "$kickstart"
     ! grep -q 'openssh-server' "$kickstart"
-    grep -q 'cat >/root/openscap_data/tailoring.xml <<END_OF_TAILORING' "$kickstart"
+    grep -q 'cat >/root/oscap_tailoring.xml <<END_OF_TAILORING' "$kickstart"
     grep -q 'ns0:Tailoring' "$kickstart"
-    grep -q 'oscap xccdf eval --remediate --tailoring-file /root/openscap_data/tailoring.xml' "$kickstart"
+    grep -q 'oscap xccdf eval --remediate --tailoring-file /root/oscap_tailoring.xml' "$kickstart"
 
     rm -rf "$kickstart"
     rm -rf "$stderr"