RHSecurityCompliance / contest

Content Testing for ComplianceAsCode/content

Add oscap debug #264

Closed comps closed 1 week ago

comps commented 4 weeks ago

(Not sure we should merge this in any form, this is just for possibly temporary testing and having it as a PR is convenient as our CI can run it.)

comps commented 3 weeks ago

Added 3 tests in total:

mildas commented 3 weeks ago

Got error on rhel9 sysctl-only

Using host libthread_db library "/lib64/libthread_db.so.1".
__futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x0, op=393, expected=0, futex_word=0x55f8267d8774) at futex-internal.c:57
57      return INTERNAL_SYSCALL_CANCEL (futex_time64, futex_word, op, expected,
warning: target file /proc/1301254/cmdline contained unexpected null characters
warning: Memory read failed for corefile section, 4096 bytes at 0xffffffffff600000.
Saved corefile oscap.core
gdb.script:5: Error in sourced command file:
Undefined set logging command: "enabled on".  Try "help set logging".
[Inferior 1 (process 1301254) detached]
Traceback (most recent call last):
  File "/var/tmp/tmt/run-004/default/plan/discover/default-0/tests/scanning/oscap-debug/sysctl-only.py", line 61, in <module>
    returncode = oscap_proc.wait(oscap_timeout)
  File "/usr/lib64/python3.9/subprocess.py", line 1189, in wait
    return self._wait(timeout=timeout)
  File "/usr/lib64/python3.9/subprocess.py", line 1925, in _wait
    raise TimeoutExpired(self.args, timeout)
subprocess.TimeoutExpired: Command '['oscap', 'xccdf', 'eval', '--profile', 'anssi_bp28_high', '--progress', 'scan-ds.xml']' timed out after 10 seconds

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/tmp/tmt/run-004/default/plan/discover/default-0/tests/lib/runtest.py", line 74, in <module>
    runpy.run_path(str(test_script), run_name='__main__')
  File "/usr/lib64/python3.9/runpy.py", line 288, in run_path
    return _run_module_code(code, init_globals, run_name,
  File "/usr/lib64/python3.9/runpy.py", line 97, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/var/tmp/tmt/run-004/default/plan/discover/default-0/tests/scanning/oscap-debug/sysctl-only.py", line 86, in <module>
    util.subprocess_run(
  File "/var/tmp/tmt/run-004/default/plan/discover/default-0/tests/lib/util/subprocess.py", line 20, in subprocess_run
    return subprocess.run(cmd, **kwargs)
  File "/usr/lib64/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['gdb', '-n', '-batch', '-x', 'gdb.script', '-p', '1301254']' returned non-zero exit status 1.
2024-09-24 11:17:17 runtest.py:77: lib.results.report_plain:160: ERROR / (CalledProcessError: Command '['gdb', '-n', '-batch', '-x', 'gdb.script', '-p', '1301254']' returned non-zero exit status 1.)
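
An added example (not code from this PR or the contest repository): in the traceback above, the gdb failure was raised while `TimeoutExpired` was being handled, so the test reported `CalledProcessError` instead of the hang. The wrapper below records a debugger failure without letting it mask the timeout. `run_with_hang_capture`, `failing_debugger` and `HUNG` are hypothetical names, and the stand-in commands are constructed; only the gdb command line is taken from the traceback.

```python
import subprocess
import sys


def gdb_cmd(pid):
    # Same gdb invocation as in the traceback above; gdb.script is the PR's file.
    return ["gdb", "-n", "-batch", "-x", "gdb.script", "-p", str(pid)]


def run_with_hang_capture(cmd, timeout, debug_cmd=gdb_cmd, debug_timeout=60):
    """Run cmd; if it outlives `timeout`, run a debugger against its PID.

    Returns {'returncode', 'hung', 'debug_error'}. A debugger failure is
    recorded rather than raised, so it cannot mask the hang itself.
    """
    result = {"returncode": None, "hung": False, "debug_error": None}
    proc = subprocess.Popen(cmd)
    try:
        result["returncode"] = proc.wait(timeout)
        return result
    except subprocess.TimeoutExpired:
        result["hung"] = True
    # Deliberately outside the except block: nothing raised from here on is
    # chained onto TimeoutExpired ("During handling of the above exception").
    try:
        subprocess.run(debug_cmd(proc.pid), check=True, timeout=debug_timeout,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired, OSError) as exc:
        result["debug_error"] = repr(exc)
    finally:
        # Never leave the hung process (or a stuck debugger attach) behind.
        proc.kill()
        proc.wait()
    return result


# Constructed stand-ins so the example runs without oscap or gdb installed.
HUNG = [sys.executable, "-c", "import time; time.sleep(30)"]


def failing_debugger(pid):
    return [sys.executable, "-c", "import sys; sys.exit(1)"]


if __name__ == "__main__":
    print(run_with_hang_capture(HUNG, timeout=1, debug_cmd=failing_debugger))
```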

comps commented 3 weeks ago

Got error on rhel9 sysctl-only

Okay, I was able to reproduce it on 9.6, it worked on 9.5, will fix.

gdb.script:5: Error in sourced command file: Undefined set logging command: "enabled on". Try "help set logging".

comps commented 2 weeks ago

Actually, it was not 9.6, it was just RHEL-8, which I presume was your version as well and "rhel9" was a typo.

I tried using the older syntax of

set logging on

and that got rid of the error on RHEL-8 (while still working fine on 9), but it didn't make the test work on 8, now gdb just prints

Saved corefile oscap.core

and exits with error.

So I will probably limit the gdb-style tests to RHEL-9+, which should be good enough. We'll see if any freezing fixes helped on RHEL-8 simply by running normal tests.

comps commented 2 weeks ago

Rebased + added a commit to avoid running these in productization.

I.e.

$ tmt tests show ./helgrind
/scanning/oscap-debug/helgrind
                 summary Runs oscap via valgrind - helgrind
               component scap-security-guide
                    test python3 -m lib.runtest ./helgrind.py
                    path /scanning/oscap-debug
               framework shell
                  manual false
                     tty false
                 require - type: file
                           pattern: /lib
                         - type: file
                           pattern: /conf
                         - scap-security-guide
                         - valgrind
               recommend python3
                         python36
                         python3-requests
                         python36-requests
                         python3-pyyaml
                         python36-pyyaml
                         python3-rpm
                         python36-rpm
                         rpm-build
             environment AVC_ERROR: +no_avc_check
                         TMPDIR: /var/tmp
                         PYTHONPATH: ../..
                duration 4h
                 enabled true
                  result custom
       restart_max_count 1
     restart_with_reboot false
                     tag needs-param