ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

[DO NOT MERGE] Adapt sysctl template for use in oscap-bootc #12543

Closed jan-cerny closed 3 weeks ago

jan-cerny commented 3 weeks ago

The OVAL check in the sysctl template consists of 2 parts, where the first part checks configuration and the second checks the runtime status of the sysctl option. But when building a bootable container image, we face a problem that the runtime status doesn't make sense to check and can't be changed by the remediation. That causes the check after remediation to fail, and the rule result is error. Therefore, we need to suppress the runtime part of the check when building a bootable container image. Also, we shouldn't attempt to change runtime while building a bootable container image.

Description:

Rationale:

Review Hints:
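The two-part check described in the pull request above, sketched in shell as an added example; it is not part of the pull request and not the project's OVAL template. The `skip_runtime` argument, the single configuration directory and the fake `/proc/sys` tree are assumptions made so the sketch runs offline on constructed sample data.

```shell
#!/bin/sh
# Added sketch of a two-part sysctl check; not the project's OVAL template.
# The skip_runtime argument and the directory layout are assumptions.

# Configuration part: the last "key = value" line across *.conf files
# (lexical order, one directory only) must carry the expected value.
config_ok() (
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for sed
    value=$(cat "$3"/*.conf 2>/dev/null |
        sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" |
        tail -n 1)
    [ "$value" = "$2" ]
)

# Runtime part: read the live value from a /proc/sys-style tree.
runtime_ok() (
    path=$3/$(printf '%s' "$1" | tr . /)
    [ -r "$path" ] && [ "$(cat "$path")" = "$2" ]
)

# usage: check_sysctl KEY EXPECTED CONFDIR PROCSYS [SKIP_RUNTIME]
# Prints pass or fail; SKIP_RUNTIME=1 evaluates the configuration part only.
check_sysctl() (
    if ! config_ok "$1" "$2" "$3"; then echo fail; exit 1; fi
    if [ "${5:-0}" != 1 ] && ! runtime_ok "$1" "$2" "$4"; then
        echo fail; exit 1
    fi
    echo pass
)

# Constructed sample: configuration already remediated to 0, while the
# runtime value seen during the build is still 1 and cannot be changed.
make_sample() {
    SAMPLE=$(mktemp -d)
    mkdir -p "$SAMPLE/sysctl.d" "$SAMPLE/proc_sys/net/ipv4"
    printf 'net.ipv4.ip_forward = 1\n' > "$SAMPLE/sysctl.d/10-default.conf"
    printf '# hardened\nnet.ipv4.ip_forward = 0\n' > "$SAMPLE/sysctl.d/99-hardening.conf"
    printf '1\n' > "$SAMPLE/proc_sys/net/ipv4/ip_forward"
}

make_sample
echo "both parts:  $(check_sysctl net.ipv4.ip_forward 0 "$SAMPLE/sysctl.d" "$SAMPLE/proc_sys")"
echo "config only: $(check_sysctl net.ipv4.ip_forward 0 "$SAMPLE/sysctl.d" "$SAMPLE/proc_sys" 1)"
rm -rf "$SAMPLE"
```

Skipping the runtime part does not relax the configuration part: a wrong value in the configuration files still yields fail.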

openshift-ci[bot] commented 3 weeks ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

github-actions[bot] commented 3 weeks ago

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment Open in Gitpod

Oracle Linux 8 Environment Open in Gitpod

codeclimate[bot] commented 3 weeks ago

Code Climate has analyzed commit 1fc7fd70 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.