mount_option_nodev_nonroot_local_partitions reported as failing after scan of IB created image #11996

Open
vojtapolasek opened this issue May 15, 2024 · 1 comment
Labels
productization-issue Issue found in upstream stabilization process.
@vojtapolasek
Collaborator

Description of problem:

When provisioning a system with Imagebuilder and hardening it with the CUI profile, the rule mount_option_nodev_nonroot_local_partitions is reported as fail in the final scan.

SCAP Security Guide Version:

master as of 7425c4e

Operating System Version:

RHEL 8

Steps to Reproduce:

Perform hardening of the system with Imagebuilder.
Some steps might be here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/composing_a_customized_rhel_system_image/assembly_creating-pre-hardened-images-with-image-builder-openscap-integration_composing-a-customized-rhel-system-image

Actual Results:

The rule is marked as "pass" during the initial scan. But then the remediation seems to be applied. And in the final scan the rule is reported as "fail". The mount point which causes the fail is /boot/efi.

Expected Results:

The rule is marked as "pass".

Additional Information/Debugging Steps:

Due to the problem being /boot/efi, it might be caused by Imagebuilder when composing the image.
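A triage helper for the failure described in this report, added here as an example; it is not code from the issue or from the SCAP Security Guide project. It lists non-root, device-backed mount points that lack `nodev`, so the failing entry (here /boot/efi) can be confirmed outside the scanner. Assumptions: the function names, the constructed sample table, and the simplified selection logic (device spec starting with `/dev/`, or `UUID=`/`LABEL=`/`PARTUUID=` for fstab-style input; swap skipped), which approximates the rule rather than reproducing it.

```shell
#!/bin/bash
# Added illustration: approximates what mount_option_nodev_nonroot_local_partitions
# looks for. It is NOT the rule's own check; the selection logic is an assumption.

# Reads lines in /proc/mounts or /etc/fstab layout on stdin:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# Prints the mount point of every non-root local partition without nodev.
nodev_violations() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # comments, blank or truncated lines
        $1 !~ /^(\/dev\/|UUID=|LABEL=|PARTUUID=)/ { next }   # not a local device
        $2 == "/"           { next }   # the root filesystem is out of scope
        $3 == "swap"        { next }   # swap has no mount point to protect
        {
            n = split($4, opts, ",")
            found = 0
            # compare whole options so a substring match cannot count as nodev
            for (i = 1; i <= n; i++) if (opts[i] == "nodev") found = 1
            if (!found) print $2
        }
    '
}

# Constructed sample in /proc/mounts layout (not taken from the reported system).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/rhel-root / xfs rw,relatime 0 0
/dev/vda2 /boot xfs rw,nodev,relatime 0 0
/dev/vda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077 0 0
/dev/mapper/rhel-home /home xfs rw,nosuid,nodev,relatime 0 0
/dev/mapper/rhel-swap none swap defaults 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demo on the constructed sample; prints: /boot/efi
sample_mounts | nodev_violations
```

On a provisioned image, feeding the function `/proc/mounts` and then `/etc/fstab` shows whether the live mount table, the persistent configuration, or both are missing the option.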

@mildas
Contributor

mildas commented May 23, 2024

@evgenyz Any updates?
If you have done some investigation and reported a downstream issue on the IB side, it's enough. In such a case, send me a link to the issue, I will update waivers and then we can label this issue as blocked.
