Running oscap-chroot as oscap-chroot /host xccdf eval --verbose INFO --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_moderate --results-arf /tmp/report-arf.xml --rule xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled /content/ssg-ocp4-ds.xml The scanner returned 0 I: oscap: Identified document type: data-stream-collection I: oscap: Created a new XCCDF session from a SCAP Source Datastream '/content/ssg-ocp4-ds.xml'. I: oscap: Identified document type: Benchmark I: oscap: Identified document type: cpe-list I: oscap: Started new OVAL agent ssg-ocp4-oval.xml. I: oscap: Querying system information. I: oscap: Starting probe on URI 'queue://system_info'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run system_info_probe_main: I: oscap: Evaluating a XCCDF policy with selected 'xccdf_org.ssgproject.content_profile_moderate' profile. Title Ensure No Device Files are Unlabeled by SELinux Rule xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled I: oscap: Evaluating XCCDF rule 'xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled'. I: oscap: Started new OVAL agent ssg-ocp4-cpe-oval.xml. I: oscap: Querying system information. I: oscap: Starting probe on URI 'queue://system_info'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run system_info_probe_main: I: oscap: Evaluating definition 'oval:ssg-installed_app_is_ocp4:def:1': Red Hat OpenShift Container Platform. I: oscap: Criteria are extended by definition 'oval:ssg-installed_OS_is_rhel8:def:1'. I: oscap: Evaluating definition 'oval:ssg-installed_OS_is_rhel8:def:1': Red Hat Enterprise Linux 8. I: oscap: Evaluating family test 'oval:ssg-test_rhel8_unix_family:tst:1': installed OS part of unix family. I: oscap: Querying family object 'oval:ssg-obj_rhel8_unix_family:obj:1', flags: 0. I: oscap: Creating new syschar for family_object 'oval:ssg-obj_rhel8_unix_family:obj:1'. I: oscap: Starting probe on URI 'queue://family'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run family_probe_main: I: oscap: Test 'oval:ssg-test_rhel8_unix_family:tst:1' requires that at least one object defined by 'oval:ssg-obj_rhel8_unix_family:obj:1' exists on the system. I: oscap: 1 objects defined by 'oval:ssg-obj_rhel8_unix_family:obj:1' exist on the system. I: oscap: All items matching object 'oval:ssg-obj_rhel8_unix_family:obj:1' were collected. (flag=complete) I: oscap: In test 'oval:ssg-test_rhel8_unix_family:tst:1' all of the collected items must satisfy these states: 'oval:ssg-state_rhel8_unix_family:ste:1'. I: oscap: Entity 'family'='unix' of item '1000083' matches corresponding entity in state 'oval:ssg-state_rhel8_unix_family:ste:1'. I: oscap: Item '1000083' compared to state 'oval:ssg-state_rhel8_unix_family:ste:1' with result true. I: oscap: Test 'oval:ssg-test_rhel8_unix_family:tst:1' evaluated as true. I: oscap: Evaluating rpminfo test 'oval:ssg-test_rhel8:tst:1': redhat-release is version 8. I: oscap: Querying rpminfo object 'oval:ssg-obj_rhel8:obj:1', flags: 0. I: oscap: Creating new syschar for rpminfo_object 'oval:ssg-obj_rhel8:obj:1'. I: oscap: Starting probe on URI 'queue://rpminfo'. I: oscap: Switching probe to PROBE_OFFLINE_CHROOT mode. I: oscap: I will run rpminfo_probe_main: I: oscap: Package "redhat-release" not found. I: oscap: Leaving chroot mode I: oscap: Test 'oval:ssg-test_rhel8:tst:1' requires that at least one object defined by 'oval:ssg-obj_rhel8:obj:1' exists on the system. I: oscap: 0 objects defined by 'oval:ssg-obj_rhel8:obj:1' exist on the system. I: oscap: No item matching object 'oval:ssg-obj_rhel8:obj:1' was found on the system. (flag=does not exist) I: oscap: Test 'oval:ssg-test_rhel8:tst:1' evaluated as false. I: oscap: Evaluating textfilecontent54 test 'oval:ssg-test_rhel8_coreos:tst:1': redhat-release-coreos is version 8. I: oscap: Querying textfilecontent54 object 'oval:ssg-obj_rhel8_coreos:obj:1', flags: 0. I: oscap: Creating new syschar for textfilecontent54_object 'oval:ssg-obj_rhel8_coreos:obj:1'. I: oscap: Starting probe on URI 'queue://textfilecontent54'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run textfilecontent54_probe_main: I: oscap: Opening file '/host/etc/os-release'. I: oscap: Test 'oval:ssg-test_rhel8_coreos:tst:1' requires that at least one object defined by 'oval:ssg-obj_rhel8_coreos:obj:1' exists on the system. I: oscap: 1 objects defined by 'oval:ssg-obj_rhel8_coreos:obj:1' exist on the system. I: oscap: All items matching object 'oval:ssg-obj_rhel8_coreos:obj:1' were collected. (flag=complete) I: oscap: In test 'oval:ssg-test_rhel8_coreos:tst:1' all of the collected items must satisfy these states: 'oval:ssg-state_rhel8_coreos:ste:1'. I: oscap: Entity 'subexpression'='8' of item '1000084' matches corresponding entity in state 'oval:ssg-state_rhel8_coreos:ste:1'. I: oscap: Item '1000084' compared to state 'oval:ssg-state_rhel8_coreos:ste:1' with result true. I: oscap: Test 'oval:ssg-test_rhel8_coreos:tst:1' evaluated as true. I: oscap: Evaluating rpminfo test 'oval:ssg-test_rhvh4_version:tst:1': redhat-release-virtualization-host RPM package is installed. I: oscap: Querying rpminfo object 'oval:ssg-obj_rhvh4_version:obj:1', flags: 0. I: oscap: Creating new syschar for rpminfo_object 'oval:ssg-obj_rhvh4_version:obj:1'. I: oscap: Switching probe to PROBE_OFFLINE_CHROOT mode. I: oscap: I will run rpminfo_probe_main: I: oscap: Package "redhat-release-virtualization-host" not found. I: oscap: Leaving chroot mode I: oscap: Test 'oval:ssg-test_rhvh4_version:tst:1' requires that only one object defined by 'oval:ssg-obj_rhvh4_version:obj:1' exists on the system. I: oscap: 0 objects defined by 'oval:ssg-obj_rhvh4_version:obj:1' exist on the system. I: oscap: No item matching object 'oval:ssg-obj_rhvh4_version:obj:1' was found on the system. (flag=does not exist) I: oscap: Test 'oval:ssg-test_rhvh4_version:tst:1' evaluated as false. I: oscap: Evaluating textfilecontent54 test 'oval:ssg-test_rhevh_rhel8_version:tst:1': RHEVH base RHEL is version 8. I: oscap: Querying textfilecontent54 object 'oval:ssg-obj_rhevh_rhel8_version:obj:1', flags: 0. I: oscap: Creating new syschar for textfilecontent54_object 'oval:ssg-obj_rhevh_rhel8_version:obj:1'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run textfilecontent54_probe_main: I: oscap: Opening file '/host/etc/redhat-release'. I: oscap: Test 'oval:ssg-test_rhevh_rhel8_version:tst:1' requires that at least one object defined by 'oval:ssg-obj_rhevh_rhel8_version:obj:1' exists on the system. I: oscap: 0 objects defined by 'oval:ssg-obj_rhevh_rhel8_version:obj:1' exist on the system. I: oscap: No item matching object 'oval:ssg-obj_rhevh_rhel8_version:obj:1' was found on the system. (flag=does not exist) I: oscap: Test 'oval:ssg-test_rhevh_rhel8_version:tst:1' evaluated as false. I: oscap: Definition 'oval:ssg-installed_OS_is_rhel8:def:1' evaluated as true. I: oscap: Definition 'oval:ssg-installed_app_is_ocp4:def:1' evaluated as true. I: oscap: Evaluating definition 'oval:ssg-installed_env_is_a_machine:def:1': Check if the scan target is a machine. I: oscap: Criteria are extended by definition 'oval:ssg-installed_env_is_a_container:def:1'. I: oscap: Evaluating definition 'oval:ssg-installed_env_is_a_container:def:1': Check if the scan target is a container. I: oscap: Evaluating file test 'oval:ssg-test_installed_env_is_a_docker_container:tst:1': Check if /.dockerenv exists. I: oscap: Querying file object 'oval:ssg-object_installed_env_is_a_docker_container:obj:1', flags: 0. I: oscap: Creating new syschar for file_object 'oval:ssg-object_installed_env_is_a_docker_container:obj:1'. I: oscap: Starting probe on URI 'queue://file'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run file_probe_main: I: oscap: Opening file '/host/.dockerenv'. I: oscap: Test 'oval:ssg-test_installed_env_is_a_docker_container:tst:1' requires that every object defined by 'oval:ssg-object_installed_env_is_a_docker_container:obj:1' exists on the system. I: oscap: 0 objects defined by 'oval:ssg-object_installed_env_is_a_docker_container:obj:1' exist on the system. I: oscap: Test 'oval:ssg-test_installed_env_is_a_docker_container:tst:1' does not contain any state to compare object with. I: oscap: No item matching object 'oval:ssg-object_installed_env_is_a_docker_container:obj:1' was found on the system. (flag=does not exist) I: oscap: Test 'oval:ssg-test_installed_env_is_a_docker_container:tst:1' evaluated as false. I: oscap: Evaluating file test 'oval:ssg-test_installed_env_is_a_podman_container:tst:1': Check if /run/.containerenv exists. I: oscap: Querying file object 'oval:ssg-object_installed_env_is_a_podman_container:obj:1', flags: 0. I: oscap: Creating new syschar for file_object 'oval:ssg-object_installed_env_is_a_podman_container:obj:1'. I: oscap: Switching probe to PROBE_OFFLINE_OWN mode. I: oscap: I will run file_probe_main: I: oscap: Opening file '/host/run/.containerenv'. I: oscap: Test 'oval:ssg-test_installed_env_is_a_podman_container:tst:1' requires that every object defined by 'oval:ssg-object_installed_env_is_a_podman_container:obj:1' exists on the system. I: oscap: 0 objects defined by 'oval:ssg-object_installed_env_is_a_podman_container:obj:1' exist on the system. I: oscap: Test 'oval:ssg-test_installed_env_is_a_podman_container:tst:1' does not contain any state to compare object with. I: oscap: No item matching object 'oval:ssg-object_installed_env_is_a_podman_container:obj:1' was found on the system. (flag=does not exist) I: oscap: Test 'oval:ssg-test_installed_env_is_a_podman_container:tst:1' evaluated as false. I: oscap: Definition 'oval:ssg-installed_env_is_a_container:def:1' evaluated as false. I: oscap: Definition 'oval:ssg-installed_env_is_a_machine:def:1' evaluated as true. I: oscap: Evaluating definition 'oval:ssg-installed_env_is_a_machine:def:1': Check if the scan target is a machine. I: oscap: Definition 'oval:ssg-installed_env_is_a_machine:def:1' evaluated as true. I: oscap: This rule requires an OCIL check. OCIL checks are not supported by OpenSCAP. Result notchecked The rds-split operation returned 0