[Open-scap] Checking directory existence using indirection

Daniel Kopecek dkopecek at redhat.com
Wed Aug 25 22:19:36 UTC 2010


On Wed, 25 Aug 2010 17:55:39 -0400
Marshall Miller <mmiller at tresys.com> wrote:
> It does not work with the content that was originally provided, but
> it does not work when the variable used to create the file object
> contains more than one value.
> 
> I am attaching updated content with two definitions.  One correctly
> evaluates to true, but the other incorrectly evaluates to false.

When referencing variables with multiple values you have to be careful
with the var_check attribute. It defaults to "all" which is not the right
value in your case. You want "at least one" or "only one". In case of
"only one" you have to ensure that there aren't duplicate values in the
variable.

So changing the path entity in obj:1001 to

  <path operation="equals" var_ref="oval:com.tresys.oval.rhel:var:1001" var_check="at least one"/>

fixes the problem.

> Thanks,
> Marshall Miller
> 

Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20100826/16aa8d36/attachment.sig>


More information about the Open-scap-list mailing list