Skip to content
This repository has been archived by the owner on Jul 13, 2021. It is now read-only.

How modules affect the Preupgrade Assistant return code

Jump to bottom
Michal Bocek edited this page Jul 28, 2017 · 3 revisions 
   .--------------------------------.--------------------------------.
   | Module called functions        | BEHAVIOR                       |
   .----------------.---------------|------------------.-------------.
   | exit_x         | log_x_risk    | result in XML    | return code |
   |================|===============|==================|=============|
   | fail           | <not called>  | error            |  2          |
   | fail           | slight        | needs_inspection |  0          |
   | fail           | medium        | needs_inspection |  0          |
   | fail           | high          | needs_action     |  1          |
   | fail           | extreme       | fail             |  2          |
   |----------------|---------------|------------------|-------------|
   | fixed          | <not called>  | fixed            |  0          |
   | fixed          | <any risk>    | error            |  2          |
   |----------------|---------------|------------------|-------------|
   | informational  | <not called>  | informational    |  0          |
   | informational  | <any risk>    | error            |  2          |
   |----------------|---------------|------------------|-------------|
   | not_applicable | <not called>  | notapplicable    |  0          |
   | not_applicable | <any risk>    | error            |  2          |
   |----------------|---------------|------------------|-------------|
   | pass           | <not called>  | pass             |  0          |
   | pass           | <any risk>    | error            |  2          |
   |----------------|---------------|------------------|-------------|
   | error          | <not called>  | error            |  2          |
   | error          | <any risk>    | error            |  2          |
   |----------------|---------------|------------------|-------------|
   | N/A*           | N/A*          | notselected      |  0          |
   | N/A*           | N/A*          | notchecked       |  0          |
   |----------------|---------------|------------------|-------------|
   | <not called>   | <not called>  | undefined**      |  ?          |
   | <not called>   | <any risk>    | undefined**      |  ?          |
   .----------------.---------------.------------------.-------------.
   * OpenSCAP hasn't run the module's check script
   ** If the exit_x is not called in the check script the result is undefined.
      To be more precise, the result will depend on with which code the check
      script exits. See the exit codes 101-109 accepted by OpenSCAP below. OpenSCAP
      evaluates exit codes other than 101-109 as error(103).

Module set API function exit_x tells OpenSCAP to set one of the following results:

pass(101), fail(102), error(103), notapplicable(105), informational(108), fixed(109)

Under certain circumstances, OpenSCAP can use the following additional results:

  unknown(104) .. Could not tell what happened
  notchecked(106) .. Rule doesn't have any check script defined
  notselected(107) .. Rule was not selected in the XCCDF Benchmark

Then, after getting the XML report from OpenSCAP, the Preupgrade Assistant changes the modules' results as follows:

  • replace fail with:
    • needs_inspection in case the module has SLIGHT or MEDIUM risk
    • needs_action in case the module has HIGH risk
  • replace any non-fail result with error in case the module has any risk, because risks are allowed only when the result is fail
  • replace unknown with error
Clone this wiki locally