You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The 99-default.rules come back after update. Since the ignition file runs only one time at first boot the updates place the original 99-default.rules back on disk . This does seem to be a bug. I think a solution is to move the 99-default.rules to a different directory that does not get overwritten on update. We are open for other suggestion too.
Impact
The audit rules are not triggering because the 99-default.rules includes a rule that ignores all rules.
Environment and steps to reproduce
Set-up: Nebraska
Task: updates
Action(s): Write ignition file that overwrites 99-default.rules with an empty file.
Error: On update the original 99-default.rules appear.
Thanks for creating an issue, I guess this only happened on Stable where systemd-tmpfile would recreate a deleted file after each reboot. The solution would be to create an empty file or a file with a comment (as shown in the docs PR).
In Flatcar Beta/Alpha this problem is solved and you can delete the file and it won't be created again on reboot because instead of systemd-tmpfile rules provide the OS defaults through the lowerdir of an overlay mount.
Description
The 99-default.rules come back after update. Since the ignition file runs only one time at first boot the updates place the original 99-default.rules back on disk . This does seem to be a bug. I think a solution is to move the 99-default.rules to a different directory that does not get overwritten on update. We are open for other suggestion too.
Impact
The audit rules are not triggering because the 99-default.rules includes a rule that ignores all rules.
Environment and steps to reproduce
Expected behavior
On update the 99-default.rules is not changed.
Additional information
flatcar-archive/coreos-overlay#2545
flatcar-archive/flatcar-docs#296
The text was updated successfully, but these errors were encountered: