Bug 8815 - [Anolis23.1 GA][Beta][ANCK-6.6.25-2][x86-64/aarch64]security-benchmark测试5.5-ensure-no-unconfined-services-exist.sh 存在unconfined的服务
Summary: [Anolis23.1 GA][Beta][ANCK-6.6.25-2][x86-64/aarch64]security-benchmark测试5.5-e...
Status: CLOSED WONTFIX
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Modules (show other bugs) BaseOS Modules
Version: 23.1
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: beta
Assignee: tj
QA Contact: shuming
URL:
Whiteboard:
Keywords: Function
Depends on:
Blocks:
 
Reported: 2024-04-22 14:50 UTC by wanqian
Modified: 2024-05-10 15:19 UTC (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description wanqian alibaba_cloud_group 2024-04-22 14:50:06 UTC 
[问题简述]
6.6.25-2_rc1.an23 security-benchmark测试5.5-ensure-no-unconfined-services-exist.sh 存在unconfined服务


[复验步骤]:
 git clone https://gitee.com/anolis/security-benchmark.git
 cd security-benchmark/scanners/mandatory-access-control
bash -x 5.5-ensure-no-unconfined-services-exist.sh

[期望结果]
case pass

[实际结果]

[root@iZbp1c9jzchxjqive233udZ mandatory-access-control]# bash -x 5.5-ensure-no-unconfined-services-exist.sh
++ ps -eZ
++ grep unconfined_service_t
+ result='system_u:system_r:unconfined_service_t:s0 587 ?  00:00:28 assist_daemon
system_u:system_r:unconfined_service_t:s0 588 ?  00:00:00 CmsGoAgent.linu
system_u:system_r:unconfined_service_t:s0 642 ?  00:04:49 exe
system_u:system_r:unconfined_service_t:s0 669 ?  00:00:00 keentuned
system_u:system_r:unconfined_service_t:s0 705 ?  00:00:00 keentune-target
system_u:system_r:unconfined_service_t:s0 875 ?  00:01:37 aliyun-service
system_u:system_r:unconfined_service_t:s0 3866 ? 00:04:18 AliYunDun
system_u:system_r:unconfined_service_t:s0 3877 ? 00:17:46 AliYunDunMonito
system_u:system_r:unconfined_service_t:s0 457349 ? 00:00:37 AliYunDunUpdate'
+ [[ system_u:system_r:unconfined_service_t:s0 587 ?  00:00:28 assist_daemon
system_u:system_r:unconfined_service_t:s0 588 ?  00:00:00 CmsGoAgent.linu
system_u:system_r:unconfined_service_t:s0 642 ?  00:04:49 exe
system_u:system_r:unconfined_service_t:s0 669 ?  00:00:00 keentuned
system_u:system_r:unconfined_service_t:s0 705 ?  00:00:00 keentune-target
system_u:system_r:unconfined_service_t:s0 875 ?  00:01:37 aliyun-service
system_u:system_r:unconfined_service_t:s0 3866 ? 00:04:18 AliYunDun
system_u:system_r:unconfined_service_t:s0 3877 ? 00:17:46 AliYunDunMonito
system_u:system_r:unconfined_service_t:s0 457349 ? 00:00:37 AliYunDunUpdate == '' ]]
+ echo fail
fail

[root@iZbp1c9jzchxjqive233udZ mandatory-access-control]# ps -eZ | grep unconfined_service_t
system_u:system_r:unconfined_service_t:s0 587 ?  00:00:28 assist_daemon
system_u:system_r:unconfined_service_t:s0 588 ?  00:00:00 CmsGoAgent.linu
system_u:system_r:unconfined_service_t:s0 642 ?  00:04:49 exe
system_u:system_r:unconfined_service_t:s0 669 ?  00:00:00 keentuned
system_u:system_r:unconfined_service_t:s0 705 ?  00:00:00 keentune-target
system_u:system_r:unconfined_service_t:s0 875 ?  00:01:37 aliyun-service
system_u:system_r:unconfined_service_t:s0 3866 ? 00:04:18 AliYunDun
system_u:system_r:unconfined_service_t:s0 3877 ? 00:17:46 AliYunDunMonito
system_u:system_r:unconfined_service_t:s0 457349 ? 00:00:37 AliYunDunUpdate


[测试环境]

[root@iZbp143ti4ccpaufkzata3Z build]# uname -r ; python -V
6.6.25-2_rc1.an23.aarch64
Python 3.10.13

[root@iZbp1c9jzchxjqive233udZ system-configurations]# cat /etc/os-release
NAME="Anolis OS"
VERSION="23"
ID="anolis"
VERSION_ID="23"
PLATFORM_ID="platform:an23"
PRETTY_NAME="Anolis OS 23"
ANSI_COLOR="0;31"
HOME_URL="https://openanolis.cn/"
BUG_REPORT_URL="https://bugzilla.openanolis.cn/"


[出现频率]
必现

[原因分析]:
Comment 1 tj alibaba_cloud_group 2024-05-06 15:30:29 UTC 
出这个问题的镜像是测试镜像,没有业务需求,暂不处理
Comment 2 tj alibaba_cloud_group 2024-05-06 15:44:06 UTC 
出这个问题的镜像是测试镜像,没有业务需求,暂不处理
Comment 3 tj alibaba_cloud_group 2024-05-09 16:20:37 UTC 
这是测试镜像的特有问题,而且影响面也只有security-benchmark这个包,不影响正常的版本发布