The partitioning_mode = "raw" (https://osbuild.org/docs/user-guide/blueprint-reference/#partitioning-mode) makes sure that / filesystem is grown to fill any left over space on the partition table which is not the default behavior with auto-lvm and when filesystem customizations are used in blueprint (in which case lvm is used). With partitioning_mode = lvm the / partition is set to be of minimal hard-coded size, based on https://osbuild.org/docs/user-guide/partitioning/ these are:
These are 1 GiB for / and 2 GiB for /usr. This means that, if /usr is not on a separate partition, the root filesystem will always be at least 3 GiB.
This size is not enough for some profiles like STIG where the 3 GiB size for / was causing No space left on device errors, see ComplianceAsCode/content#14551
Therefore, we should update OpenSCAP to generate the blueprint with:
[customizations]
partitioning_mode = "raw"
This was already done in our tests by RHSecurityCompliance/contest#586, once this issue is resolved the customization in contest should be removed.
The
partitioning_mode = "raw"(https://osbuild.org/docs/user-guide/blueprint-reference/#partitioning-mode) makes sure that/filesystem is grown to fill any left over space on the partition table which is not the default behavior withauto-lvmand when filesystem customizations are used in blueprint (in which caselvmis used). Withpartitioning_mode = lvmthe/partition is set to be of minimal hard-coded size, based on https://osbuild.org/docs/user-guide/partitioning/ these are:This size is not enough for some profiles like STIG where the 3 GiB size for
/was causingNo space left on deviceerrors, see ComplianceAsCode/content#14551Therefore, we should update OpenSCAP to generate the blueprint with:
This was already done in our tests by RHSecurityCompliance/contest#586, once this issue is resolved the customization in contest should be removed.