SUSE-Enceladus / img-proof

img-proof provides a command line utility to test images in the Public Cloud
https://img-proof.readthedocs.io/en/latest/
GNU General Public License v3.0
14 stars, 7 forks

Skip motd check in hardened images #349

Closed smarlowucf closed 1 year ago

rjschwei commented 1 year ago

@jgleissner set the variant_id in keg recipes accordingly, please.

pdostal commented 1 year ago

Can I ask why the motd check is not applicable in FIPS mode?

rjschwei commented 1 year ago

@pdostal we have to skip that test for hardened images: the banner_etc_motd rule sets the content, and the file_groupowner_etc_motd, file_owner_etc_motd and file_permissions_etc_motd rules set the permissions.

Or in short, the hardening rules impose a set message that does not match our test. We could fork in the test that ensures the message for hardened images is set properly, but that would be redundant, as it is set by a specific rule being applied, and if rule application fails the build fails.
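
The skip decision described in this comment, sketched as an added example that is not part of the thread or of img-proof's own code. It assumes the hardened image is identified by `VARIANT_ID` in os-release; the value `example-hardened`, the function names and the sample inputs are constructed placeholders.

```python
import shlex

# Assumption: placeholder value. The thread does not state the real VARIANT_ID
# that the keg recipes set for hardened images.
HARDENED_VARIANT_IDS = {"example-hardened"}

# Constructed sample inputs, not taken from a real image.
SAMPLE_HARDENED = 'NAME="SLES"\nVARIANT_ID="example-hardened"\n'
SAMPLE_DEFAULT = 'NAME="SLES"\n# no variant set\n'


def parse_os_release(text):
    """Parse os-release(5) content into a dict, handling quotes and comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        # Values use shell-style quoting; shlex removes quotes and escapes.
        parts = shlex.split(raw)
        fields[key.strip()] = parts[0] if parts else ""
    return fields


def motd_check(os_release_text, motd_text, expected_motd):
    """Return 'skipped', 'passed' or 'failed' for the motd comparison."""
    variant = parse_os_release(os_release_text).get("VARIANT_ID", "")
    if variant in HARDENED_VARIANT_IDS:
        # The hardening rules own /etc/motd, and the image build already
        # fails if they do not apply, so comparing the text adds nothing.
        return "skipped"
    if motd_text.strip() == expected_motd.strip():
        return "passed"
    return "failed"


if __name__ == "__main__":
    print(motd_check(SAMPLE_HARDENED, "Authorized use only", "Welcome"))
    print(motd_check(SAMPLE_DEFAULT, "Welcome\n", "Welcome"))
```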

pdostal commented 1 year ago

Understood now, thank you.