Mathew: Should this also get symlinks? My interruption of the docs says that this will not get symlinks.
Originally posted by @Mab879 in #8404 (comment)
YuumaSato: Hmm, I'm not sure, but my guess is no.
The state of symlink handkling is a mess and confusing to me.
The OVAL doesn't report symlinks as objects, but I don't know if it will follow them.
The Bash remediation doesn't follow symlinks by default, but we make it follow with -L, and we make changes to the symlinks when they are found. (but OVAL doesn't care about them)
The Ansible remediation doesn't follow symlinks by default and we don't make them follow.
And looking at the rule description I'm not sure what is the expectation.
If there is a link from /usr/lib/ to somewhere else, should we go there, check and remediate stuff?
YuumaSato: I think there are a lot of question to answer regarding symlinks:
Should we check and report the files/dirs they point to?
Should we check the symlinks themselves?
Should we follow them?
Besides c715e12, this PR doesn't do much about the symlink situation.
So the situation will stay almost the same... I think this subject should be revisited in a future PR.
Mathew: Should this also get symlinks? My interruption of the docs says that this will not get symlinks.
Originally posted by @Mab879 in #8404 (comment)
YuumaSato: Hmm, I'm not sure, but my guess is no.
The state of symlink handkling is a mess and confusing to me.
The OVAL doesn't report symlinks as objects, but I don't know if it will follow them.
The Bash remediation doesn't follow symlinks by default, but we make it follow with -L, and we make changes to the symlinks when they are found. (but OVAL doesn't care about them)
The Ansible remediation doesn't follow symlinks by default and we don't make them follow.
And looking at the rule description I'm not sure what is the expectation.
If there is a link from /usr/lib/ to somewhere else, should we go there, check and remediate stuff?
YuumaSato: I think there are a lot of question to answer regarding symlinks:
Besides c715e12, this PR doesn't do much about the symlink situation.
So the situation will stay almost the same... I think this subject should be revisited in a future PR.