Rule file_permissions_boot_grub2 fails in Image Mode #14254

@jan-cerny

Description of problem:

The upstream daily productization run has discovered that rule file_permissions_boot_grub2 fails in these tests on RHEL 10.2:

  • /hardening/container/bootc-image-builder/cis
  • /hardening/container/bootc-image-builder/cis_workstation_l2
  • /hardening/container/anaconda-ostree/cis
  • /hardening/container/anaconda-ostree/cis_workstation_l2
  • /hardening/container/old-new/cis
  • /hardening/container/old-new/cis_workstation_l2

SCAP Security Guide Version:

Current upstream master branch as of 2025-12-17, HEAD ef80c11

Operating System Version:

RHEL 10.2 RHEL-10.2-20251216.0

Steps to Reproduce:

  1. Deploy a RHEL 10.2 Image Mode system hardened with CIS Server or Workstation Level 2 profile.
  2. Run an oscap scan of the deployed system.

Actual Results:

Rule fails in the post-deployment verification scan.

Expected Results:

Rule passes in the post-deployment verification scan.

Additional Information/Debugging Steps:

It could be related to coreos/bootupd#952

Labels:

  • CIS: CIS Benchmark related.
  • Image Mode: Bootable containers and Image Mode RHEL
  • RHEL10: Red Hat Enterprise Linux 10 product related.
  • productization-issue: Issue found in upstream stabilization process.
