|
 |
44eea6 |
From 4a4c12bf3058079bc2336db9e7330aa869b0753f Mon Sep 17 00:00:00 2001
|
|
|
44eea6 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
44eea6 |
Date: Thu, 31 Oct 2019 16:00:52 +0100
|
|
|
44eea6 |
Subject: [PATCH 1/2] Use only first occurence from /etc/mtab
|
|
|
44eea6 |
|
|
|
44eea6 |
The mount options of the first entry will be used. If there are
|
|
|
44eea6 |
multiple lines in `/etc/mtab` that match the same mount point, the
|
|
|
44eea6 |
variable `_previous_mount_opts` contained newline characters. These
|
|
|
44eea6 |
newlines were propagated to `/etc/fstab`. As a result, an invalid entry
|
|
|
44eea6 |
in /etc/fstab was created, `mount` command hasn't been successful and
|
|
|
44eea6 |
the oscap scan after remediation returned false.
|
|
|
44eea6 |
---
|
|
|
44eea6 |
.../include_mount_options_functions.sh | 2 +-
|
|
|
44eea6 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
44eea6 |
|
|
|
44eea6 |
diff --git a/shared/bash_remediation_functions/include_mount_options_functions.sh b/shared/bash_remediation_functions/include_mount_options_functions.sh
|
|
|
44eea6 |
index 392367dc05..7e81e8c711 100644
|
|
|
44eea6 |
--- a/shared/bash_remediation_functions/include_mount_options_functions.sh
|
|
|
44eea6 |
+++ b/shared/bash_remediation_functions/include_mount_options_functions.sh
|
|
|
44eea6 |
@@ -27,7 +27,7 @@ function ensure_mount_option_in_fstab {
|
|
|
44eea6 |
|
|
|
44eea6 |
if [ "$(grep -c "$_mount_point_match_regexp" /etc/fstab)" -eq 0 ]; then
|
|
|
44eea6 |
# runtime opts without some automatic kernel/userspace-added defaults
|
|
|
44eea6 |
- _previous_mount_opts=$(grep "$_mount_point_match_regexp" /etc/mtab | awk '{print $4}' \
|
|
|
44eea6 |
+ _previous_mount_opts=$(grep "$_mount_point_match_regexp" /etc/mtab | head -1 | awk '{print $4}' \
|
|
|
44eea6 |
| sed -E "s/(rw|defaults|seclabel|${_new_opt})(,|$)//g;s/,$//")
|
|
|
44eea6 |
[ "$_previous_mount_opts" ] && _previous_mount_opts+=","
|
|
|
44eea6 |
echo "${_device} ${_mount_point} ${_type} defaults,${_previous_mount_opts}${_new_opt} 0 0" >> /etc/fstab
|
|
|
44eea6 |
|
|
|
44eea6 |
From 0a7f149efed656fe61ab3e873055fd630054f5f5 Mon Sep 17 00:00:00 2001
|
|
|
44eea6 |
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
|
|
44eea6 |
Date: Fri, 1 Nov 2019 14:50:42 +0100
|
|
|
44eea6 |
Subject: [PATCH 2/2] Add test scenario for multiple entries in mtab
|
|
|
44eea6 |
|
|
|
44eea6 |
---
|
|
|
44eea6 |
.../tests/multiple_entries_in_mtab.fail.sh | 9 +++++++++
|
|
|
44eea6 |
1 file changed, 9 insertions(+)
|
|
|
44eea6 |
create mode 100644 linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/tests/multiple_entries_in_mtab.fail.sh
|
|
|
44eea6 |
|
|
|
44eea6 |
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/tests/multiple_entries_in_mtab.fail.sh b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/tests/multiple_entries_in_mtab.fail.sh
|
|
|
44eea6 |
new file mode 100644
|
|
|
44eea6 |
index 0000000000..dd56f9bb6c
|
|
|
44eea6 |
--- /dev/null
|
|
|
44eea6 |
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/tests/multiple_entries_in_mtab.fail.sh
|
|
|
44eea6 |
@@ -0,0 +1,9 @@
|
|
|
44eea6 |
+#!/bin/bash
|
|
|
44eea6 |
+# profiles = xccdf_org.ssgproject.content_profile_ospp
|
|
|
44eea6 |
+
|
|
|
44eea6 |
+cat /etc/mtab > /etc/mtab.old
|
|
|
44eea6 |
+# destroy symlink
|
|
|
44eea6 |
+rm -f /etc/mtab
|
|
|
44eea6 |
+cp /etc/mtab.old /etc/mtab
|
|
|
44eea6 |
+echo "tmpfs /dev/shm tmpfs rw,seclabel,relatime 0 0" >> /etc/mtab
|
|
|
44eea6 |
+echo "tmpfs /dev/shm tmpfs rw,seclabel,relatime 0 0" >> /etc/mtab
|