- Issued:
- 2021-11-10
- Updated:
- 2021-11-10
RHBA-2021:4530 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
An updated OpenShift Compliance Operator image that fixes various bugs and
adds enhancements is now available for the Red Hat OpenShift Enterprise 4
catalog.
Description
The OpenShift Compliance Operator image update is available with the
following changes:
- add error to the result object as comment (#721)
- fix needs-review unpause pool
- Validate that rules in tailored profile are of appropriate type
- TailoredProfiles: Allocate rules map with expected number of items
- Fix error message json representation in CRD
- aggregator: Remove MachineConfig validation
- Add description to TailoredProfile yaml
- Specify fsgroup, user and non-root user usage in resultserver
- Gather /version when doing Platform scans
- Add flag to skip the metrics deployment
- fetch openscap version during build time
- Add instructions and check type to Rule object
- add support for multi line remediation
- Fix value-required handling.
- Use ClusterRole/ClusterRoleBinding for monitoring permissions
- Remove tailorprofile variable selection check
- Disallow empty titles and descriptions for tailored profiles
- Restart profileparser on failures
- Make default scanTolerations more tolerant
- Associate variable with compliance check result
- Enable Creation of TailoredProfiles without extending existing ones
- Don't shadow an import with a variable name
- compliancescan: Fill the <target> element and the urn:xccdf:fact:identifier for node checks
- Add support for remediation templating for operator
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- BZ - 1969620 - In RHOCP 4.7, compliance operator scan results in XCCDF format has target name missing only for profiles: ocp4-cis-node
- BZ - 1983062 - The rule ocp4-moderate-oauth-or-oauthclient-inactivity-timeout gets FAIL when the OAuth server timeout parameter accessTokenInactivityTimeout is configured as “600s”
- BZ - 1988259 - Rules missing from compliance operator after upgrade from 4.6.30 to 4.6.34
- BZ - 1999374 - Metrics not available on GUI for Compliance Operator
- BZ - 2003170 - Instruction in compliancecheckresults ocp4-cis-configure-network-policies-namespaces is wrong
CVE
(none)
References
The Red Hat security contact is secalert@redhat.com. For more contact details, see https://access.redhat.com/security/team/contact/.