Rule file_permissions_boot_grub2 fails in Image Mode #14254

@jan-cerny

Description of problem:

The upstream daily productization run has discovered that rule file_permissions_boot_grub2 fails in these tests on RHEL 10.2:

  • /hardening/container/bootc-image-builder/cis
  • /hardening/container/bootc-image-builder/cis_workstation_l2
  • /hardening/container/anaconda-ostree/cis
  • /hardening/container/anaconda-ostree/cis_workstation_l2
  • /hardening/container/old-new/cis
  • /hardening/container/old-new/cis_workstation_l2

SCAP Security Guide Version:

Current upstream master branch as of 2025-12-17, HEAD ef80c11

Operating System Version:

RHEL 10.2 RHEL-10.2-20251216.0

Steps to Reproduce:

  1. Deploy a RHEL 10.2 Image Mode system hardened with the CIS Server or Workstation Level 2 profile.
  2. Run an oscap scan of the deployed system.

Actual Results:

Rule fails in the post-deployment verification scan.

Expected Results:

Rule passes in the post-deployment verification scan.

Additional Information/Debugging Steps:

It could be related to coreos/bootupd#952.

Labels:

  • CIS: CIS Benchmark related.
  • Image Mode: Bootable containers and Image Mode RHEL
  • RHEL10: Red Hat Enterprise Linux 10 product related.
  • blocked: Issue that can't be fixed in content.
  • productization-issue: Issue found in upstream stabilization process.
  • triaged
