STIG profile scan fails on RHEL 8 system created by Image Builder

[jan-cerny]

Description of problem:

On 2023-06-11 we discovered in daily productization that the test /hardening/image-builder/stig errors on RHEL 8.10. The error is reproducible using autocontest. The reason is that the deployed virtual machine doesn't have enough space on the disk.

SCAP Security Guide Version:

current upstream master as of 2023-06-10 as of HEAD 66e0c73

Operating System Version:

RHEL-8.10.0-updates-20260309.1

Steps to Reproduce:

1. run contest test /hardening/image-builder/stig on RHEL 8.10

Actual Results:

I/O error : No space left on device
I/O error : write error
W: oscap: No bytes exported: xmlCode: -1.

Expected Results:

The STIG profile scan completes successfully.

Additional Information/Debugging Steps:

We have discovered that the deployed virtual machine has only 3 GB of disk space allocated for the root ("/") file system. After the scan fails, this partition is fully occupied.

This can be related to fact that the Blueprint for Image Builder requires that /var/log/audit partition should have at least 10 GB size.

A similar situation is handled in kickstart tests on the contest side:

https://github.com/RHSecurityCompliance/contest/blob/fecac7db6d900733ab3468e07b5c4005c9194158/lib/virt.py#L908