This repository has been archived by the owner on Jul 13, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 15
How modules affect the Preupgrade Assistant return code
Michal Bocek edited this page Jul 27, 2017
·
3 revisions
.--------------------------------.--------------------------------.
| Module called functions | BEHAVIOR |
.----------------.---------------|------------------.-------------.
| exit_x | log_x_risk | result in XML | return code |
|================|===============|==================|=============|
| fail | <not called> | error | 2 |
| fail | slight | needs_inspection | 0 |
| fail | medium | needs_inspection | 0 |
| fail | high | needs_action | 1 |
| fail | extreme | fail | 2 |
|----------------|---------------|------------------|-------------|
| fixed | <not called> | fixed | 0 |
| fixed | <any risk> | error | 2 |
|----------------|---------------|------------------|-------------|
| informational | <not called> | informational | 0 |
| informational | <any risk> | error | 2 |
|----------------|---------------|------------------|-------------|
| not_applicable | <not called> | notapplicable | 0 |
| not_applicable | <any risk> | error | 2 |
|----------------|---------------|------------------|-------------|
| pass | <not called> | pass | 0 |
| pass | <any risk> | error | 2 |
|----------------|---------------|------------------|-------------|
| error | <not called> | error | 2 |
| error | <any risk> | error | 2 |
|----------------|---------------|------------------|-------------|
| N/A* | N/A* | notselected | 0 |
| N/A* | N/A* | notchecked | 0 |
|----------------|---------------|------------------|-------------|
| <not called> | <not called> | undefined** | ? |
| <not called> | <any risk> | undefined** | ? |
.----------------.---------------.------------------.-------------.
* OpenSCAP hasn't run the module's check script
** If the exit_x is not called in the check script the result is undefined.
To be more precise, the result will depend on with which code the check
script exits. See the exit codes 1-9 accepted by OpenSCAP below. OpenSCAP
evaluates exit codes other than 1-9 as error(3).
Module set API function exit_x tells OpenSCAP to set one of the following results:
pass(1), fail(2), error(3), notapplicable(5), informational(8), fixed(9)
Under certain circumnstances, OpenSCAP can use the following additional results:
unknown(4) .. Could not tell what happened
notchecked(6) .. Rule doesn't have any check script defined
notselected(7) .. Rule was not selected in the XCCDF Benchmark
Then, after getting the XML report from OpenSCAP, the Preupgrade Assistant changes the modules' results as follows:
- replace fail with:
- needs_inspection in case the module has SLIGHT or MEDIUM risk
- needs_action in case the module has HIGH risk
- replace any non-fail result with error in case the module has any risk, because risks are allowed only when the result is fail
- replace unknown with error