Improve rule file_permissions_ungroupowned for use in bootable containers #12584
+52
−5
Commits on Nov 7, 2024
-
Exclude the /sysroot directory
In systems based on bootable container images the `/sysroot` directory contains the filesystem of the image which should be excluded from the scanned files check.
-
Add support for /usr/lib/group
If the `nss-altfiles` are installed and `/etc/nsswitch.conf` is configured to use `nss-altfiles`, the users group can be defined als in `/usr/lib/group` next to `/etc/group`. The `/usr/lib/group` is a valid source of group definitions and therefore needs to be consulted during the check if nsswitch is configured to use this file. The `nss-altfiles` is often used in bootable containers base images.
-
Add new Automatus test scenarios for rule file_permissions_ungroupowned that cover recent changes - exclusion of /sysroot and addition of /usr/lib/group as second source of group data.
-
Reflects the recent change that the check now considers /usr/lib/group in addition.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.