RHEL-07-020680 fails when user has Mindpoint RHEL7-STIG in their home directory

Question

RHEL-07-020680 fails when user has Mindpoint RHEL7-STIG in their home directory

JuddTracy-DAS opened this issue 4 years ago · comments

I am having an issue where RHEL-07-020680 is failing when it inspects the Mindpoint RHEL7-STIG role. Seems to be a recursion issue since the tests directory has a symlink that points to ../

TASK [MindPointGroup.RHEL7-STIG : MEDIUM | RHEL-07-020680 | PATCH | The Red Hat Enterprise Linux operating system must be configured so that all files and directories contained in local interactive user home directories have a mode of 0750 or less permissive.] ***
task path: /home/ansible/scan/roles/MindPointGroup.RHEL7-STIG/tasks/fix-cat2.yml:1237
The full traceback is:
WARNING: The below traceback may *not* be related to the actual failure.
  File "/tmp/ansible_file_payload_y0Qlyv/ansible_file_payload.zip/ansible/module_utils/basic.py", line 866, in selinux_context
    ret = selinux.lgetfilecon_raw(to_native(path, errors='surrogate_or_strict'))
failed: [centos7-test] (item=/home/ansible) => changed=false
  ansible_loop_var: item
  invocation:
    module_args:
      _diff_peek: null
      _original_basename: null
      access_time: null
      access_time_format: '%Y%m%d%H%M.%S'
      attributes: null
      backup: null
      content: null
      delimiter: null
      directory_mode: null
      follow: true
      force: false
      group: null
      mode: a-st,g-w,o-rwx
      modification_time: null
      modification_time_format: '%Y%m%d%H%M.%S'
      owner: null
      path: /home/ansible
      recurse: true
      regexp: null
      remote_src: null
      selevel: null
      serole: null
      setype: null
      seuser: null
      src: null
      state: directory
      unsafe_writes: null
  item:
  - /home/ansible
  - atime: 1591732553.877786
    attr_flags: ''
    attributes: []
    block_size: 4096
    blocks: 0
    charset: binary
    ctime: 1591733288.2034028
    dev: 2049
    device_type: 0
    executable: true
    exists: true
    gid: 1000
    gr_name: ansible
    inode: 8412000
    isblk: false
    ischr: false
    isdir: true
    isfifo: false
    isgid: false
    islnk: false
    isreg: false
    issock: false
    isuid: false
    mimetype: inode/directory
    mode: '0700'
    mtime: 1591733288.2034028
    nlink: 5
    path: /home/ansible
    pw_name: ansible
    readable: true
    rgrp: false
    roth: false
    rusr: true
    size: 150
    uid: 1000
    version: '1988034014'
    wgrp: false
    woth: false
    writeable: true
    wusr: true
    xgrp: false
    xoth: false
    xusr: true
  msg: failed to retrieve selinux context
  path: /home/ansible/RHEL7-STIG/tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../tests/../.git/objects/pack/pack-c708036efd40d5ff8b9d5ef116515340cfda20b8.pack

James Cassell · Answer 1 · Wed Jun 10 2020 05:28:18 GMT+0800 (China Standard Time)

Looks like a bug in ansible itself.

JuddTracy-DAS · Answer 2 · Wed Jun 10 2020 05:57:09 GMT+0800 (China Standard Time)

So I changed the file module in that block of code to have follow: False and it stops the error. But I don't know if there are any other repercussions from making that change. I don't think there is not sure.