/hardening/image-builder tests for various profiles error on RHEL 8.10 #13906
Description
Description of problem:
Image builder fails to build a hardened image of RHEL 8.10 for cis, cis_workstation_l2, cui, ospp and stig profiles. There are many following fail messages printed in the log all over the place:
Failed to create file /sys/fs/selinux/checkreqprot: Read-only file system
and the test returns following error (snippet from the end of the log):
Remediating rule 401/402: 'xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_auditd'
Remediating rule 402/402: 'xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_rulesd'
Pack the result files: ['xz', '/run/osbuild/tree/oscap_data/oscap_eval_xccdf_results.xml']
Stage: org.osbuild.selinux
Output:
Failed to create file /sys/fs/selinux/checkreqprot: Read-only file system
2025-09-18 11:58:55 test.py:28: lib.util.httpsrv.BackgroundHTTPServer.stop:181: ending: 127.0.0.1:35427
Traceback (most recent call last):
File "/builds/security-compliance/productization/runcontest-MIDz08/datadir/task160/plans/daily/discover/default-0/tests/lib/runtest.py", line 78, in <module>
runpy.run_path(str(test_script), run_name='__main__')
File "<frozen runpy>", line 291, in run_path
File "<frozen runpy>", line 98, in _run_module_code
File "<frozen runpy>", line 88, in _run_code
File "/builds/security-compliance/productization/runcontest-MIDz08/datadir/task160/plans/daily/discover/default-0/tests/hardening/image-builder/test.py", line 28, in <module>
g.create(blueprint=blueprint, rpmpack=rpmpack, secure_boot=('uefi' in metadata.tags()))
File "/builds/security-compliance/productization/runcontest-MIDz08/datadir/task160/plans/daily/discover/default-0/tests/lib/osbuild.py", line 346, in create
self.create_basic(blueprint=blueprint, **kwargs)
File "/builds/security-compliance/productization/runcontest-MIDz08/datadir/task160/plans/daily/discover/default-0/tests/lib/osbuild.py", line 282, in create_basic
with Compose.build(bp_name) as ident:
File "/usr/lib64/python3.11/contextlib.py", line 137, in __enter__
return next(self.gen)
^^^^^^^^^^^^^^
File "/builds/security-compliance/productization/runcontest-MIDz08/datadir/task160/plans/daily/discover/default-0/tests/lib/osbuild.py", line 150, in build
raise RuntimeError(f"failed to build: {entry}")
RuntimeError: failed to build: ComposeEntry(id='458258d1-dba7-4c5f-ac70-1e7a2430758e', status='FAILED', blueprint='contest_blueprint', version='0.1.79', type='qcow2')
SCAP Security Guide Version:
Operating System Version:
RHEL 8.10
Steps to Reproduce:
- Use autocontest to run:
/hardening/image-builder/cis
/hardening/image-builder/cis_workstation_l2
/hardening/image-builder/cui
/hardening/image-builder/ospp
/hardening/image-builder/stig
Actual Results:
Error when building a hardened RHEL 8.10 image for cis, cis_workstation_l2, cui, ospp or stig profiles using image builder.
Expected Results:
Hardened image builds without any errors.