[OVAL DEVELOPER] [Non-DoD Source] Re: Solaris 11 Facet, Variant, and Image Test Implementation

McIlroy, Douglas M CIV SPAWARSYSCEN-ATLANTIC, 58600 douglas.mcilroy at navy.mil
Thu Nov 19 14:03:47 EST 2015


Thank you so much for your follow-up, Darren. With that clarification, only one small matter still remains that I have been puzzling over. Listing boot environments (beadm list) is one way to enumerate some image root directories. However, I'm still not sure how to interrogate the system for a complete enumeration including user image directories. Currently, my solution consists of parsing the 'BASEDIR' field values out of 'pkginfo -l' command output, but I'm not certain that I can trust output from a utility that is part of the legacy package management system.

Thanks,
Douglas M.
________________________________________
From: Darren J Moffat [Darren.Moffat at Oracle.COM]
Sent: Wednesday, November 18, 2015 4:29 AM
To: McIlroy, Douglas M CIV SPAWARSYSCEN-ATLANTIC, 58600; oval_developer at lists.cisecurity.org
Subject: Re: [Non-DoD Source] Re: [OVAL DEVELOPER] Solaris 11 Facet, Variant, and Image Test Implementation

On 11/17/15 19:57, McIlroy, Douglas M CIV SPAWARSYSCEN-ATLANTIC, 58600
wrote:

> Thank you for your response, Darren. I was indeed looking closely at the
> pkg command for a solution, but was not sure how it would fit in with
> the logic of the facet, variant, and image OVAL tests. In light of your
> verification that leveraging the pkg command is the correct direction, I
> would like clarification of how that command would handle the path
> entity that is required by the facet, variant, and image objects. After
> closely examining the pkg man page, I'm still not sure how to use it for
> evaluating these system characteristics with respect to a given image path.

The path in those objects is the path to the image.  If you are looking
at a live system then that path is almost always going to be "/" because
that is where the root of the installed image is.

If you run pkg(1) against another image like this 'pkg -R /mnt facet'
then the path in the object would be "/mnt".

Currently the most interesting case for a path that isn't "/" is for
looking at an alternate boot environment image, i.e. a Solaris OS install
that is not currently running.

There is also the concept of a "user image", i.e. one which isn't a normal
Solaris OS installation but just some other IPS packages.  The intention
of this is for application installations that aren't tightly tied to the
OS package versions but are still delivered in IPS.

--
Darren J Moffat

...
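
The path-to-image mapping discussed in this thread (the object's path is the directory handed to `pkg -R`), as an added sketch that is not code from either poster or from any OVAL interpreter. It covers only the live root and alternate boot environments that are currently mounted, and does not enumerate user images. The function names are hypothetical, and the output layouts of `beadm list -H` and `pkg facet -H` noted in the comments are assumptions.

```shell
#!/bin/sh
# Added example: collect IPS facets per image root for an OVAL-style check.
# Assumed (not stated in the thread): `beadm list -H` prints semicolon-separated
# fields with the BE name first and the mountpoint fourth; `pkg facet -H`
# prints the facet name and value as the first two whitespace-separated columns.

# Print the image roots this sketch can find: the live root plus every
# alternate boot environment that is currently mounted somewhere else.
image_roots() {
    echo "/"
    beadm list -H | while IFS=';' read -r _name _uuid _active mnt _rest; do
        case "$mnt" in
            ""|"-"|"/") ;;      # unmounted BE, or the live root already listed
            /*) echo "$mnt" ;;
        esac
    done
}

# Print "path<TAB>facet<TAB>value" for one image root: the image path plus
# each facet name and value. Returns non-zero if pkg cannot open the image.
facets_for_image() {
    root=$1
    out=$(pkg -R "$root" facet -H) || return 1
    printf '%s\n' "$out" |
        awk -v p="$root" 'NF >= 2 { printf "%s\t%s\t%s\n", p, $1, $2 }'
}

# Walk every root; report unreadable images instead of silently skipping them.
collect_facets() {
    image_roots | while read -r root; do
        facets_for_image "$root" || echo "error: not an IPS image: $root" >&2
    done
}
```

Nothing runs until `collect_facets` is called; an unmounted boot environment has no path to report and is left out rather than guessed at.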



