ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Adapt sysctl template for bootable containers #12552

Closed jan-cerny closed 2 weeks ago

jan-cerny commented 3 weeks ago

Add a special SCE check for bootable containers to the sysctl template. We don't want to use the OVAL check in this template because the OVAL check checks the runtime status using the OpenSCAP sysctl probe. The probe doesn't return meaningful results during the podman build process, and it also doesn't make sense to check the runtime during the build. We need to check only the static configuration. Moreover, we update the Bash remediation so that it does not set the runtime status during the podman build process.
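The static-only approach described above, sketched as an added example (it is not the PR's SCE check or the project's template code): it reads only sysctl.d-style files and never queries the running kernel, and it accepts more than one allowed value. The function names, the simplified directory precedence, the space-separated accepted-values argument and the sample tree are assumptions made for illustration.

```sh
# Added example: static-only sysctl check; it never queries the running kernel.
# Function names and the simplified precedence rules are assumptions.

# Print the value KEY would get from *.conf files in the given directories.
# Directories are listed highest priority first: a file name found in an
# earlier directory masks the same name in later ones. The remaining files
# are applied in lexical order of base name, so the last assignment wins.
sysctl_static_value() (
    key=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            printf '%s\t%s\n' "${f##*/}" "$f"
        done
    done | awk -F'\t' '!seen[$1]++' | LC_ALL=C sort | cut -f2- |
    while IFS= read -r path; do
        awk -v key="$key" '
            /^[ \t]*([#;]|$)/ { next }           # comments and blank lines
            {
                i = index($0, "="); if (!i) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                gsub(/^[ \t-]+|[ \t]+$/, "", k)   # trim; drop "-" prefix
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == key) print v
            }' "$path"
    done | tail -n 1
)

# Return 0 when the static value equals one of the space-separated ACCEPTED
# values, 1 otherwise (including when the key is not configured at all).
check_sysctl_static() (
    key=$1; accepted=$2; shift 2
    actual=$(sysctl_static_value "$key" "$@")
    for want in $accepted; do
        [ "$actual" = "$want" ] && exit 0
    done
    exit 1
)

# Constructed sample tree standing in for an image root during a build.
demo_root=$(mktemp -d)
etc_d=$demo_root/etc/sysctl.d; lib_d=$demo_root/usr/lib/sysctl.d
mkdir -p "$etc_d" "$lib_d"
printf 'net.ipv4.ip_forward = 1\n' > "$lib_d/50-default.conf"
printf '# hardening\nnet.ipv4.ip_forward=0\n' > "$etc_d/90-hardening.conf"
printf 'kernel.kptr_restrict = 1\n' > "$lib_d/60-kptr.conf"
printf 'kernel.kptr_restrict = 2\n' > "$etc_d/60-kptr.conf"  # masks lib_d copy
check_sysctl_static net.ipv4.ip_forward 0 "$etc_d" "$lib_d" && echo "pass"
```

A key that appears in no file yields an empty value and fails the check, which is the conservative result when only the static configuration can be trusted.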

openshift-ci[bot] commented 3 weeks ago

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with `/test all`.

jan-cerny commented 3 weeks ago

/packit build

jan-cerny commented 2 weeks ago

I have rebased this PR on top of the latest upstream master branch. Then, I added support for multiple values in the sysctlvar parameter.

codeclimate[bot] commented 2 weeks ago

Code Climate has analyzed commit 257d2579 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).
